iDefense Security Advisory 02.01.10 - Remote exploitation of an integer overflow vulnerability in Real Networks Inc.'s RealPlayer version 11 could allow an attacker to execute arbitrary code. iDefense Labs has confirmed the existence of an integer overflow issue within RealPlayer when handling compressed GIF files. The vulnerability occurs in the CGIFCodec::InitDecompress() function, which does not properly validate a field in the GIF file before using it in an arithmetic operation that calculates the size of a heap buffer. This issue leads to heap corruption, which can result in the execution of arbitrary code. iDefense confirmed RealPlayer version 11 is vulnerable to this issue.
3f0c3242b0afbee7c3c7828a48aa049b6a72341359deef2d7363e819bcf7480f