- RealPlayer 14.0.2 and prior
Vulnerabilities have been identified in RealPlayer, one is due to a heap-based buffer overflow caused by improper bounds checking in the RealVideo Renderer plugin for RealMedia (rvrender.dll) when processing Internet Video Recording (IVR) files. Another vulnerability is due to a flaw in the OpenURLInDefaultBrowser() method when processing RNX (".rnx") file. There are multiple attack vectors, a remote attacker may entice a user to open a specially crafted file or web page with malicious content.
Depending on the vulnerabilities exploited, a successful attack could lead to remote arbitrary code execution.
The product vendor has released the following updated player to address the issues.
- RealPlayer 14.0.3
More information about this issue is available at: