CVE-2007-5601

Name of the Vulnerable Software and Affected Versions RealPlayer versions prior to 10.5, including 10, RealOne Player, and RealOne Player 2 RealPlayer version 11 beta

Description A stack-based buffer overflow issue exists in the Database Component of MPAMedia.dll. This allows remote attackers to execute arbitrary code via certain playlist names. The issue can be demonstrated through the import method to the IERPCtl ActiveX control in ierpplug.dll.

Recommendations For RealPlayer versions prior to 10.5, including 10, RealOne Player, and RealOne Player 2, update to a version later than 10.5 to resolve the issue. For RealPlayer version 11 beta, update to a non-beta version to resolve the issue. As a temporary workaround, consider restricting access to the IERPCtl ActiveX control in ierpplug.dll to minimize the risk of exploitation.