PT-2010-4470 · Realnetworks+1 · Realplayer Sp+5

Published 2010-12-10 · Updated 2011-01-26 · CVE-2010-2997

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

RealPlayer versions 11.0 through 11.1
RealPlayer SP versions 1.0 through 1.0.1
Mac RealPlayer versions 11.0 through 11.1
Linux RealPlayer version 11.0.2.1744
HelixPlayer version 1.0.6

Description

The issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted StreamTitle tag in an ICY SHOUTcast stream, related to the SMIL file format. This is due to a use-after-free vulnerability.

Recommendations

For RealPlayer versions 11.0 through 11.1, update to a version outside of this range to mitigate the risk.
For RealPlayer SP versions 1.0 through 1.0.1, update to a version outside of this range to mitigate the risk.
For Mac RealPlayer versions 11.0 through 11.1, update to a version outside of this range to mitigate the risk.
For Linux RealPlayer version 11.0.2.1744, update to a newer version to mitigate the risk.
For HelixPlayer version 1.0.6, update to a newer version to mitigate the risk.

As a temporary workaround, consider restricting access to ICY SHOUTcast streams until a patch is available.

Fix

RCE

DoS


Weakness Enumeration

Related Identifiers

CVE-2010-2997
RHSA-2010:0981
RHSA-2010_0981
ZDI-10-270

Affected Products

Helix Player
Linux Realplayer
Mac Realplayer
Realplayer
Realplayer Sp
Red Hat