PT-2010-4472 · Realnetworks · Linux Realplayer+3

Published: 2010-12-10 · Updated: 2011-01-19 · CVE-2010-2999

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

RealPlayer versions 11.0 through 11.1
RealPlayer SP versions 1.0 through 1.0.1
Mac RealPlayer versions 11.0 through 11.1
Linux RealPlayer version 11.0.2.1744

Description

The issue allows remote attackers to execute arbitrary code or cause a denial of service due to heap memory corruption via a malformed MLLT atom in an AAC file.

Recommendations

For RealPlayer versions 11.0 through 11.1, consider disabling the parsing of MLLT atoms in AAC files until a patch is available.
For RealPlayer SP versions 1.0 through 1.0.1, restrict access to AAC files to minimize the risk of exploitation.
For Mac RealPlayer versions 11.0 through 11.1, avoid using the affected AAC parsing functionality until the issue is resolved.
For Linux RealPlayer version 11.0.2.1744, as a temporary workaround, consider disabling the playback of AAC files until a patch is available.

Fix

RCE

DoS

Weakness Enumeration

Related Identifiers

CVE-2010-2999
ZDI-10-273

Affected Products

Linux Realplayer
Mac Realplayer
Realplayer
Realplayer Sp