PROBLEM:
RealPlayer Buffer Overflow and Invalid Pointer Flaw Let Remote Users Execute Arbitrary Code
PLATFORM:
Windows RealPlayer 15.0.6.14 and prior.
ABSTRACT:
Two vulnerabilities were reported in RealPlayer.
REFERENCE LINKS:
RealPlayer Security Vulnerabilities
Secunia Advisory SA51589
SecurityTracker Alert ID: 1027893
CVE-2012-5690
CVE-2012-5691
IMPACT ASSESSMENT:
Medium
DISCUSSION:
Two vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system.
A remote user can create a specially crafted RealAudio file that, when loaded by the target user, will trigger an invalid pointer flaw and execute arbitrary code on the target system [CVE-2012-5690]. The code will run with the privileges of the target user.
A remote user can create a specially crafted RealMedia file that, when loaded by the target user, will trigger a buffer overflow and execute arbitrary code on the target system [CVE-2012-5691]. The code will run with the privileges of the target user.
IMPACT:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.