iDefense Security Advisory 02.01.10 – Remote exploitation of an integer overflow vulnerability in RealNetworks Inc.’s RealPlayer 11 could allow an attacker to execute arbitrary code with the privileges of the affected service. The vulnerability specifically exists in the handling of the ‘chunked’ Transfer-Encoding method. This method breaks the file the server is sending into ‘chunks’. For each chunk, the server first sends the length of the chunk in hexadecimal, followed by the chunk data. This is repeated until there are no more chunks. The server then sends a chunk length of zero (0) indicating the end of the transfer. When processing these chunks, an integer overflow occurs, which results in a heap overflow. This leads to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in RealPlayer version 11 on Windows. A nightly build of RealPlayer 10.1.0.3830 for Linux was also confirmed to be vulnerable. Previous versions do not appear be affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/85841/02.01.10-1.txt
Source: https://packetstormsecurity.com/files/85841/iDEFENSE-Security-Advisory-2010-02-01.1.html