Real Networks RealPlayer SP 'RecordClip' Method Remote Code Execution Vulnerability

Real Networks RealPlayer SP is prone to a remote code-execution vulnerability because it fails to sufficiently validate user-supplied data.

Successful exploits will allow the attacker to execute arbitrary code within the context of the application (typically Internet Explorer) that uses the ActiveX control.

Versions prior to and including RealPlayer SP 1.1 for Windows are vulnerable.

NOTE: This issue was previously discussed in BID 44144 (Real Networks RealPlayer SP and RealPlayer Enterprise Multiple Security Vulnerabilities) but has been given its own record to better document it.


Privacy Statement
Copyright 2010, SecurityFocus