CVE-2010-3750 Information

Description

rjrmrpln.dll in RealNetworks RealPlayer 11.0 through 11.1 RealPlayer SP 1.0 through 1.1.4 and RealPlayer Enterprise 2.1.2 does not properly validate file contents that are used during interaction with a heap buffer which allows remote attackers to execute arbitrary code via crafted Name Value Property (NVP) elements in logical streams in a media file.

Reference

http://service.real.com/realplayer/security/10152010_player/en/ http://www.securityfocus.com/bid/44144 http://www.zerodayinitiative.com/advisories/ZDI-10-212/