PROBLEM:
RealPlayer Heap Corruption Error in 'vidplin.dll' Lets Remote Users Execute Arbitrary Code.
PLATFORM:
RealPlayer 14.0.1 and prior versions
ABSTRACT:
A vulnerability was reported in RealPlayer. A remote user can cause arbitrary code to be executed on the target user's system.
reference LINKS:
Security Tracker Alert
CVE-2010-4393
IMPACT ASSESSMENT:
Medium
Discussion:
A remote user can create a specially crafted AVI file that, when loaded by the target user, will trigger a heap corruption error in 'vidplin.dll' and execute arbitrary code on the target system. The code will run with the privileges of the target user.
Affected software: Windows RealPlayer 14.0.1 and prior
Solution:
RealNetworks always recommends upgrading your product to the most current version available to avoid security vulnerabilities. RealNetworks is making available product upgrades that contain security bug fixes.