RealOne Player / RealPlayer / Helix Player Multiple Vulnerabilities

Wednesday, September 29 2004 @ 07:54 AM EDT

Multiple vulnerabilities have been reported in RealOne Player, RealPlayer, and Helix Player, which can be exploited by malicious people to compromise a user's system and delete files.

1) An unspecified error when running local RM files can potentially be exploited to execute arbitrary code.

The vulnerability has been reported in:
* RealPlayer 8 / 10 / 10.5 Beta (6.0.12.1016) / 10.5 (6.0.12.1040) / Enterprise on Windows
* RealOne Player v1, v2 on Windows
* Mac RealPlayer 10 Beta and Mac RealOne Player
* Linux RealPlayer 10 and Helix Player on Linux

2) A problem with malformed calls can be exploited to execute arbitrary code by embedding the player on a malicious website and making specially crafted calls.

The vulnerability has been reported in RealPlayer 10 / 10.5 Beta (6.0.12.1016) / 10.5 (6.0.12.1040) and RealOne Player v1, v2 on Windows.

3) An unspecified error allows malicious websites and media files to delete arbitrary local files.

The vulnerability has been reported in RealPlayer 10 / 10.5 Beta (6.0.12.1016) / 10.5 (6.0.12.1040) and RealOne Player v1, v2 on Windows.

SOFTWARE:
RealPlayer 8
RealPlayer 10
RealOne Player v2
RealOne Player v1
Helix Player 1.x
RealPlayer Enterprise

SOLUTION:
Apply updates (see the original vendor advisory).

PROVIDED AND/OR DISCOVERED BY:
John Heasman and Marc Maiffret.

ORIGINAL ADVISORY:
http://www.service.real.com/help/faq/security/040928_player/EN/
