You are here

T-545: RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users Execute Arbitrary Code

January 28, 2011 - 7:21am

Addthis

PROBLEM:

RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users Execute Arbitrary Code.

PLATFORM:

RealPlayer 14.0.1 and prior versions

ABSTRACT:

A vulnerability was reported in RealPlayer. A remote user can cause arbitrary code to be executed on the target user's system.

reference  LINKS:

Security Tracker Alert
CVE-2010-4393

IMPACT ASSESSMENT:

Medium

Discussion:

A remote user can create a specially crafted AVI file that, when loaded by the target user, will trigger a heap corruption error in 'vidplin.dll' and execute arbitrary code on the target system. The code will run with the privileges of the target user.

Affected software: Windows RealPlayer 14.0.1 and prior

Solution:

RealNetworks always recommends upgrading your product to the most current version available to avoid security vulnerabilities. RealNetworks is making available product upgrades that contain security bug fixes.
 

Addthis