PT-2009-3034 · Microsoft+1 · Windows Explorer+2

Published: 2009-02-08 · Updated: 2018-10-11 · CVE-2009-0375

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

RealPlayer versions 6.0.12.1040 through 6.0.12.1741
RealPlayer versions 11.0.0 through 11.0.4
RealPlayer 10
RealPlayer 10.5
RealPlayer Enterprise
Mac RealPlayer 10
Mac RealPlayer 10.1
Linux RealPlayer 10
Helix Player 10.x

Description

The issue is related to a buffer overflow in a DLL file, allowing remote attackers to execute arbitrary code via a crafted Internet Video Recording (IVR) file. This file contains a filename length field with a large integer, triggering the overwrite of an arbitrary memory location with a 0x00 byte value. The problem is associated with the use of RealPlayer through a Windows Explorer plugin.

Recommendations

For RealPlayer versions 6.0.12.1040 through 6.0.12.1741, update to a version outside of this range to resolve the issue.
For RealPlayer versions 11.0.0 through 11.0.4, update to a version later than 11.0.4 to resolve the issue.
For RealPlayer 10, RealPlayer 10.5, RealPlayer Enterprise, Mac RealPlayer 10, Mac RealPlayer 10.1, Linux RealPlayer 10, and Helix Player 10.x, there is no information about a newer version that contains a fix for this vulnerability.
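
The Description attributes the flaw to a filename length field that is trusted when the 0x00 terminator is written. The following C function is an added example, not RealPlayer code and not taken from this advisory; it shows the checks a parser needs before that write. The record layout (4-byte little-endian length followed by the name bytes), the 255-byte limit and all names are assumptions made for illustration, not the real IVR format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 255 /* assumed destination capacity, excluding the NUL */

/* Constructed sample records (hypothetical layout, not real IVR data). */
static const uint8_t sample_ok[] = {8, 0, 0, 0, 'c', 'l', 'i', 'p', '.', 'i', 'v', 'r'};
static const uint8_t sample_huge[] = {0xff, 0xff, 0xff, 0x7f, 'a'};
static const uint8_t sample_truncated[] = {16, 0, 0, 0, 'a', 'b'};

/* Copies a length-prefixed filename into dst and NUL-terminates it.
 * Returns the name length, or a negative code when the record is rejected. */
int read_filename(const uint8_t *rec, size_t rec_len, char dst[NAME_MAX_LEN + 1])
{
    if (rec_len < 4)
        return -1; /* no room for the length field itself */

    uint32_t len = (uint32_t)rec[0] | (uint32_t)rec[1] << 8 |
                   (uint32_t)rec[2] << 16 | (uint32_t)rec[3] << 24;

    /* The unsafe pattern is dst[len] = '\0' with len taken from the file
     * unchecked: the 0x00 byte then lands wherever the file says.
     * Both checks below must pass before dst is touched. */
    if (len > NAME_MAX_LEN)
        return -2; /* would write past the destination buffer */
    if (len > rec_len - 4)
        return -3; /* length claims more bytes than the record holds */

    memcpy(dst, rec + 4, len);
    dst[len] = '\0'; /* index is now proven to be inside dst */
    return (int)len;
}

int main(void)
{
    char name[NAME_MAX_LEN + 1];
    printf("ok        -> %d\n", read_filename(sample_ok, sizeof sample_ok, name));
    printf("huge      -> %d\n", read_filename(sample_huge, sizeof sample_huge, name));
    printf("truncated -> %d\n",
           read_filename(sample_truncated, sizeof sample_truncated, name));
    return 0;
}
```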

RCE

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2009-0375

Affected Products

Helix Player
RealPlayer
Windows Explorer