Two vulnerabilities have been reported in various RealNetworks products, which can be exploited by malicious people to compromise a user's system.
1) A boundary error within the processing of WAV files can be exploited to cause a buffer overflow via a specially crafted WAV file.
2) A boundary error within the processing of SMIL files can be exploited to cause a stack-based buffer overflow via a specially crafted SMIL file.
Successful exploitation of the vulnerabilities allows execution of arbitrary code.
SOFTWARE:
Helix Player 1.x
RealOne Player v1
RealOne Player v2
RealPlayer 10.x
RealPlayer 8
RealPlayer Enterprise 1.x
SOLUTION:
Apply patches.
RealOne / RealPlayer for Windows and Mac:
Patches are available via the "Check for Update" feature.
RealPlayer Enterprise:
http://service.real.com/help/faq/security/security022405.html
Linux Players:
RealPlayer 10:
http://www.real.com/linux
Helix Player:
http://player.helixcommunity.org/downloads/
PROVIDED AND/OR DISCOVERED BY:
1) Mark Litchfield, NGS Software.
2) Discovered by anonymous person and reported via iDEFENSE.
ORIGINAL ADVISORY:
RealNetworks:
http://service.real.com/help/faq/security/050224_player/EN/
iDEFENSE:
http://www.idefense.com/application/poi/display?id=209&type=vulnerabilities
VERIFY ADVISORY:
http://secunia.com/advisories/14456/
Secunia Security Advisories
http://community.securityteam.us/article.php/20050302112346531