Andrzej Dyjak

**Name of the Vulnerable Software and Affected Versions** RealPlayer versions 11.0 through 11.1 RealPlayer versions 14.0.0 through 14.0.5 RealPlayer SP versions 1.0 through 1.1.5 Mac RealPlayer version 12.0.0.1569 **Description** The issue allows remote attackers to execute arbitrary code via a crafted `raw data frame` field in an AAC file. This can lead to the execution of malicious code on the affected system. **Recommendations** For RealPlayer versions 11.0 through 11.1, update to a version outside of this range to resolve the issue. For RealPlayer versions 14.0.0 through 14.0.5, update to a version outside of this range to resolve the issue. For RealPlayer SP versions 1.0 through 1.1.5, update to a version outside of this range to resolve the issue. For Mac RealPlayer version 12.0.0.1569, update to a version newer than 12.0.0.1569 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iTunes versions prior to 10.2 on Windows **Description** A heap-based buffer overflow issue exists in the ImageIO component of CoreGraphics in Apple iTunes, allowing remote attackers to execute arbitrary code or cause a denial of service via a crafted International Color Consortium (ICC) profile in a JPEG image. **Recommendations** For Apple iTunes versions prior to 10.2 on Windows, update to version 10.2 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Apple Mac OS X versions 10.4.11 through 10.5.7 Description: The issue is related to a heap-based buffer overflow in ColorSync, which can be exploited by remote attackers through a crafted image containing an embedded ColorSync profile. This can lead to the execution of arbitrary code or cause a denial of service, resulting in an application crash. Recommendations: For Apple Mac OS X versions 10.4.11 through 10.5.7, update to version 10.5.8 or later to resolve the issue.