Reported October 28, 2004, by eEye Digital Security
A vulnerability in RealPlayer could result in the remote execution of arbitrary code on the vulnerable system. When an .rjs file containing a long filename (larger than about 0x8000 bytes) is opened, either in RealPlayer or through a Web browser, a stack-based buffer overflow occurs, allowing an exception-handler record to be overwritten and the Execution Instruction Point (EIP) to be hijacked.
The author, RealNetworks, has released a patch (available via the Check for Update menu item under Tools on the RealPlayer menu bar) to address this vulnerability.
Discovered by eEye Digital Security.