RealNetworks RealPlayer Multiple Vulnerabilities

Multiple vulnerabilities have been identified in RealNetworks RealPlayer, which could be exploited by remote attackers to compromise a vulnerable system.

1. an invalid index when processing RealMedia .IVR file with malformed sample data, which could allow attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.

2. An uninitialized pointer when parsing long CDDA URIs, which could allow attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.

3. An error within the browser plugins when processing arguments to the "RecordClip()" method, which could allow attackers to download and execute arbitrary binaries via a malicious web page.

4. A heap overflow error in "rjrmrpln.dll" when processing Name Value Property (NVP) elements, which could allow attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.

5. A heap overflow error in the RealPlayer ActiveX control when parsing a long argument ending with ".smil" while handling a "tfile", "pnmm", or "cdda" URI, which could allow attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.

6. A heap overflow error when processing sample chunks while parsing QCP audio content, which could allow attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.

7. A stack overflow error in the RichFX component, which could allow attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.