RealNetworks RealPlayer RealText Parsing Heap Overflow Vulnerability

RealNetworks RealPlayer RealText Parsing Heap Overflow Vulnerability

RealPlayer is prone to a remote heap-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Specifically, the application fails to bounds-check user-supplied data contained in RealText files, resulting in the possibility of overflowing a heap buffer. Attackers can control the contents of critical memory control structures and write arbitrary data to arbitrary memory locations.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of the user running the affected application.