iDefense Security Advisory 02.01.10 – Remote exploitation of an integer overflow vulnerability in RealNetworks Inc.’s Real Player could allow an attacker to execute arbitrary code with the privileges of the current user. This problem specifically exists in the CMediumBlockAllocator::Alloc method. When calculating the size of a memory allocation, an integer overflow occurs. This leads to heap corruption, which can result in the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Real Player versions 10.5 (build 6.0.12.883) and 11 (build 6.0.14.738) on Windows. Other versions may also be affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/85842/02.01.10-2.txt
Source: https://packetstormsecurity.com/files/85842/iDEFENSE-Security-Advisory-2010-02-01.2.html