CVE-2010-4392 Information

Description

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 RealPlayer SP 1.0 through 1.1.5 RealPlayer Enterprise 2.1.2 and 2.1.3 Linux RealPlayer 11.0.2.1744 and possibly HelixPlayer 1.0.6 and other versions allows remote attackers to execute arbitrary code via crafted ImageMap data in a RealMedia file related to certain improper integer calculations.

Reference

http://osvdb.org/69852 http://service.real.com/realplayer/security/12102010_player/en/ http://www.redhat.com/support/errata/RHSA-2010-0981.html http://www.securitytracker.com/id?1024861 http://www.zerodayinitiative.com/advisories/ZDI-10-280