CVE-2010-3747

Name of the Vulnerable Software and Affected Versions RealPlayer versions 11.0 through 11.1 RealPlayer SP versions 1.0 through 1.1.4 RealPlayer Enterprise version 2.1.2

Description The issue arises from an ActiveX control in RealPlayer that fails to properly initialize an object component when parsing a CDDA URI. This can be exploited by remote attackers to execute arbitrary code or cause a denial of service, resulting in an uninitialized pointer dereference and application crash, via a long URI.

Recommendations For RealPlayer versions 11.0 through 11.1, update to a version that properly initializes the object component during CDDA URI parsing. For RealPlayer SP versions 1.0 through 1.1.4, update to a version that properly initializes the object component during CDDA URI parsing. For RealPlayer Enterprise version 2.1.2, update to a version that properly initializes the object component during CDDA URI parsing. As a temporary workaround, consider restricting access to the CDDA URI parsing functionality until a patch is available.