A vulnerability has been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system.

A vulnerability has been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a signedness error in MPAMedia.dll when handling playlist names. This can be exploited to cause a stack-based buffer overflow by e.g. importing a file into a specified playlist with an overly long name via the RealPlayer IERPCtl ActiveX control (ierpplug.dll).

Successful exploitation allows execution of arbitrary code.

NOTE: The vulnerability is currently being actively exploited.

Apply patch for RealPlayer 10.5 and 11 beta:
http://service.real.com/realplayer/security/191007_player/en/securitydb.rnx

The vendor recommends users of RealPlayer 10 and RealOne v1 and v2 to upgrade to version 10.5 and apply the patch.

NOTE: According to the vendor, RealPlayer 8 and prior versions for Windows are not affected. Versions for Macintosh and Linux are also not affected.

-