- RealPlayer 10.5 (22.214.171.1240-1235)
- RealPlayer 10
- RealOne Player v2
- RealOne Player v1
- RealPlayer 8
- RealPlayer Enterprise
- Linux RealPlayer 10 (10.0.0 – 5)
- Helix Player (10.0.0 – 5)
Note: For the complete list and for security patches, visit
More details about the said vulnerabilities can be found by clicking on the links below:
RealPlayer Data Packet Stack Overflow
“The vulnerability allows a remote attacker to reliably overwrite stack memory with arbitrary data and execute arbitrary code in the context of the user who executed the player.
This specific flaw exists in the first data packet contained in a Real Media file. By specially crafting a malformed .rm movie file, a direct stack overwrite is triggered, and reliable code execution is then possible.”
Real Player Zipped Skin File Buffer Overflow II
“allows a remote attacker to reliably overwrite the heap with arbitrary data and execute arbitrary code in the context of the user under which the player is running.”
Users of the vulnerable products are advised to apply the said security patches. We can never tell these days when a malicious attacker exploits these vulnerabilities.