CVE-2009-4247

Name of the Vulnerable Software and Affected Versions RealPlayer versions 10 through 11.0.1 RealPlayer 10.5 versions 6.0.12.1040 through 6.0.12.1741 RealPlayer SP versions 1.0.0 through 1.0.1 RealPlayer Enterprise (affected versions not specified) Mac RealPlayer versions 10 through 11.0.1 Linux RealPlayer versions 10 through 11.0.1 Helix Player versions 10.x through 11.0.1

Description The issue is related to a stack-based buffer overflow in the rtspclnt.cpp file, which can be triggered by a crafted ASM RuleBook with a large number of rules, causing an "array overflow." This can lead to a denial of service (application crash) or possibly allow remote attackers to execute arbitrary code.

Recommendations For RealPlayer versions 10 through 11.0.1, consider disabling the rtspclnt.cpp function until a patch is available. For RealPlayer 10.5 versions 6.0.12.1040 through 6.0.12.1741, restrict access to the vulnerable rtsp protocol to minimize the risk of exploitation. For RealPlayer SP versions 1.0.0 through 1.0.1, avoid using the ASM RuleBook feature in the affected API endpoint until the issue is resolved. For RealPlayer Enterprise, Mac RealPlayer, Linux RealPlayer, and Helix Player, at the moment, there is no information about a newer version that contains a fix for this vulnerability.