|CVSS SCORE||9.0, (AV:N/AC:L/Au:N/C:P/I:P/A:C)|
The flaw exists within cook.dll, specifically the handling of a RealAudio 2.0 file. When parsing the RA2 header a coded_frame_sz element is used to calculate the size for an allocation. This value is not properly verified before unpacking stream data into this new location. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.
RealNetworks has issued an update to correct this vulnerability. More details can be found at: