CVE-2004-1481

Name of the Vulnerable Software and Affected Versions RealPlayer versions 8 through 10.5 (6.0.12.1040) and earlier RealOne Player versions 1 or 2

Description The issue is caused by an integer overflow in the pnen3260.dll component, which can be exploited by remote attackers to execute arbitrary code. This is achieved through a SMIL file and a .rm movie file containing a large length field for the data chunk, resulting in a heap-based buffer overflow.

Recommendations For RealPlayer versions 8 through 10.5 (6.0.12.1040) and earlier, update to a version later than 10.5 (6.0.12.1040) to resolve the issue. For RealOne Player versions 1 or 2, consider disabling the pnen3260.dll component as a temporary workaround until a patch is available.