RealPlayer, RealOne Player, and Helix Player include an embedded player which plays media embedded in a web page.
A chunked HTTP response containing an invalid or missing chunk header results in a heap overflow, leading to command execution.
Use the Check for Update feature to upgrade to the latest version of RealPlayer, RealOne Player, or Helix Player.
Exploit works on RealPlayer 10.5 (18.104.22.1688). In order for the exploit to run, a user must load the exploit page in Internet Explorer.