Added: 03/31/2006
CVE: CVE-2005-2922
BID: 17202
OSVDB: 24062
RealPlayer, RealOne Player, and Helix Player include an embedded player which plays media embedded in a web page.
A chunked HTTP response containing an invalid or missing chunk header results in a heap overflow, leading to command execution.
Use the Check for Update feature to upgrade to the latest version of RealPlayer, RealOne Player, or Helix Player.
<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404>
Exploit works on RealPlayer 10.5 (6.0.12.1348). In order for the exploit to run, a user must load the exploit page in Internet Explorer.
Windows 2000
Windows XP