|CVSS SCORE||9.0, (AV:N/AC:L/Au:N/C:P/I:P/A:C)|
The flaw exists within the rv40.dll component for RealNetworks RealPlayer. When parsing a stream containing RV40 sample data, a value is miscalculated before being used as an offset from a base pointer address. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.
RealNetworks has issued an update to correct this vulnerability. More details can be found at:
|CREDIT||Dan Rosenberg of Virtual Security Research