Core Ftp · Core Ftp Le · CVE-2014-4643
**Name of the Vulnerable Software and Affected Versions**
Core FTP LE version 2.2 build 1798
**Description**
The Core FTP LE client contains multiple heap-based buffer overflows. A remote FTP server can trigger them by sending a long string in reply to certain commands, potentially causing a denial of service or allowing the execution of arbitrary code. The commands that can trigger this issue are USER, PASS, PASV, SYST, PWD, and CDUP.
**Recommendations**
For Core FTP LE version 2.2 build 1798, consider avoiding the use of the affected commands until a patch is available. As a temporary workaround, restrict access to the FTP client to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
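One way to watch for the condition in the description is to flag oversized server replies to the listed commands in captured FTP control-channel traffic. The following is an added example, not code from this advisory or from Core FTP; the function name, the `(direction, line)` event format, the 512-byte threshold and the sample transcript are assumptions made for illustration.

```python
# Commands the advisory lists as triggers.
AFFECTED = {"USER", "PASS", "PASV", "SYST", "PWD", "CDUP"}
# Assumption: the advisory gives no length, so 512 bytes is an illustrative limit.
MAX_REPLY_LEN = 512

def find_oversized_replies(events, limit=MAX_REPLY_LEN):
    """events: iterable of (direction, line) with direction 'C' (client) or
    'S' (server) and line as bytes without CRLF. Returns a list of
    (command, reply_code, reply_bytes) for replies to AFFECTED commands
    whose total size exceeds limit."""
    findings, verb, size, open_code = [], None, 0, None
    for direction, line in events:
        if direction == "C":
            # Remember the command verb the next reply answers.
            verb = line.split(None, 1)[0].upper().decode("ascii", "replace") if line.strip() else None
            size, open_code = 0, None
            continue
        size += len(line)
        code = line[:3]
        # "NNN-" opens a multi-line reply; it ends at a line starting "NNN ".
        if open_code is None and len(line) > 3 and code.isdigit() and line[3:4] == b"-":
            open_code = code
            continue
        if open_code is not None and not line.startswith(open_code + b" "):
            continue  # continuation line, keep accumulating
        # Reply complete (malformed single lines are treated as complete too).
        if verb in AFFECTED and size > limit:
            findings.append((verb, code.decode("ascii", "replace"), size))
        size, open_code = 0, None
    return findings

# Constructed sample transcript (not real captured traffic).
SAMPLE = [
    ("S", b"220 service ready"),
    ("C", b"USER anonymous"),
    ("S", b"331 password required"),
    ("C", b"PASS guest@example.invalid"),
    ("S", b"230-welcome"),
    ("S", b" banner text"),
    ("S", b"230 logged in"),
    ("C", b"SYST"),
    ("S", b"215 " + b"A" * 2000),  # oversized reply to an affected command
    ("C", b"PWD"),
    ("S", b'257 "/" is current directory'),
]

if __name__ == "__main__":
    for command, code, nbytes in find_oversized_replies(SAMPLE):
        print(f"oversized reply to {command}: code {code}, {nbytes} bytes")
```

The threshold should be tuned against the reply sizes seen from the servers the client normally connects to.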