RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content.
secunia.com/advisories/41096
secunia.com/advisories/41154
secunia.com/secunia_research/2010-5/
service.real.com/realplayer/security/08262010_player/en/
www.securitytracker.com/id?1024370
www.vupen.com/english/advisories/2010/2216
exchange.xforce.ibmcloud.com/vulnerabilities/61421
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7169