RealPlayer/RealOne "DUNZIP32.dll" Buffer Overflow Vulnerability

Wednesday, October 27 2004 @ 04:20 PM EDT

eEye Digital Security has reported a vulnerability in RealPlayer and RealOne that can potentially be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a boundary error in a third-party compression library (DUNZIP32.dll) when processing skin files. This can be exploited to cause a buffer overflow via a specially crafted skin file.

Successful exploitation allows execution of arbitrary code.

The vulnerability affects the following versions:
* RealPlayer 10.5 (prior to build 6.0.12.1056)
* RealPlayer 10
* RealOne Player v2
* RealOne Player v1

SOFTWARE:
RealOne Player v1
RealOne Player v2
RealPlayer 10.x

SOLUTION:
Fixes are available via the "Check for Update" feature.

PROVIDED AND/OR DISCOVERED BY:
eEye Digital Security

ORIGINAL ADVISORY:

RealNetworks:
http://www.service.real.com/help/faq/security/041026_player/EN/
