RealNetworks.RealPlayer.Zipped.Skin.File.Buffer.Overflow
Description
This indicates an attempt to exploit a heap-based buffer-overflow vulnerability in RealPlayer and RealOne Player.
The vulnerability is in DUNZIP32.DLL and is caused by the library's inability to properly handle malformed RealPlayer Skin (RJS) files. Remote attackers may exploit this to execute arbitrary code.
Affected Products
DUNZIP32.DLL for RealPlayer 8, 10, and 10.5 and RealOne Player 1 and 2
Impact
System compromise: remote code execution.
Recommended Actions
RealNetworks has released a patch for this vulnerability. The patch is
available via the "Check for Update" menu item under Tools on the
RealPlayer menu bar or from http://service.real.com/realplayer/security/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |