Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Helix_player | Realnetworks | 1.0 (including) | 1.0 (including) |
| Realone_player | Realnetworks | 1.0 (including) | 1.0 (including) |
| Realone_player | Realnetworks | 2.0 (including) | 2.0 (including) |
| Realone_player | Realnetworks | 9.0.0.288 (including) | 9.0.0.288 (including) |
| Realone_player | Realnetworks | 9.0.0.297 (including) | 9.0.0.297 (including) |
| Realplayer | Realnetworks | - (including) | - (including) |
| Realplayer | Realnetworks | 8.0 (including) | 8.0 (including) |
| Realplayer | Realnetworks | 10.0 (including) | 10.0 (including) |
| Realplayer | Realnetworks | 10.0-beta (including) | 10.0-beta (including) |
| Realplayer | Realnetworks | 10.0_6.0.12.690 (including) | 10.0_6.0.12.690 (including) |
| Realplayer | Realnetworks | 10.5 (including) | 10.5 (including) |
| Realplayer | Realnetworks | 10.5_6.0.12.1016-beta (including) | 10.5_6.0.12.1016-beta (including) |
| Realplayer | Realnetworks | 10.5_6.0.12.1040 (including) | 10.5_6.0.12.1040 (including) |