PT-2013-6165 · Realnetworks · Realplayer

Published 2013-12-19 · Updated 2016-12-31 · CVE-2013-6877

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

RealPlayer versions prior to 17.0.4.61
RealPlayer version 16.0.2.32
RealPlayer version 16.0.3.51
Mac RealPlayer versions prior to 12.0.1.1738

Description

The issue is a heap-based buffer overflow that allows remote attackers to execute arbitrary code via a long string in the TRACKID element of an RMP file.

Recommendations

For RealPlayer versions prior to 17.0.4.61, update to version 17.0.4.61 or later.
For RealPlayer version 16.0.2.32, update to a version that is not affected by this issue.
For RealPlayer version 16.0.3.51, update to a version that is not affected by this issue.
For Mac RealPlayer versions prior to 12.0.1.1738, update to version 12.0.1.1738 or later.

As a temporary workaround, consider avoiding the use of the TRACKID element in RMP files until a patch is available.

Exploit · Fix · RCE · Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2013-6877

Affected Products

Realplayer