CVE-2010-4384

Name of the Vulnerable Software and Affected Versions RealPlayer versions 11.0 through 11.1 RealPlayer Enterprise version 2.1.2 Mac RealPlayer versions 11.0 through 11.1 Linux RealPlayer version 11.0.2.1744 HelixPlayer version 1.0.6

Description The issue is related to an array index error in the Media Properties Header parsing functionality. This error allows remote attackers to execute arbitrary code via a malformed Media Properties Header in a RealMedia file. No information is provided about the estimated number of potentially affected devices or real-world incidents.

Recommendations For RealPlayer versions 11.0 through 11.1, update to a version that fixes the Media Properties Header parsing issue. For RealPlayer Enterprise version 2.1.2, update to a version that fixes the Media Properties Header parsing issue. For Mac RealPlayer versions 11.0 through 11.1, update to a version that fixes the Media Properties Header parsing issue. For Linux RealPlayer version 11.0.2.1744, update to a version that fixes the Media Properties Header parsing issue. For HelixPlayer version 1.0.6, update to a version that fixes the Media Properties Header parsing issue. As a temporary workaround, consider avoiding the use of RealMedia files from untrusted sources until a patch is available.