Reported February 4, 2004 by NGSSoftware.
RealOne Player v2
RealOne Enterprise Desktop
RealPlayer Enterprise (all language versions, all platforms)
RealNetworks' RealOne Player and RealPlayer contain multiple vulnerabilities, the most serious of which can result in arbitrary code execution on the vulnerable system. This vulnerability is a result of a flaw in the way the SurfNOW proxy server handles long HTTP headers. By crafting malformed .RP, .RT, .RAM, .RPM, and .SMIL files, an attacker can cause heap- and stack-based overruns in RealOne Player and RealPlayer. By forcing a browser to a Web site that contains such a file, a malicious user can execute code on the target machine running in the context of the logged on user. Alternatively, an end user can open the attachment (except in the case of the .RPM file).
RealNetworks has issued a notice about these vulnerabilities and recommends that affected users immediately apply the available update.
Discovered by Mark Litchfield.