RealPlayer Buffer Overflow [Sentinel Chicken Networks Security Advisory #01]

[tmorgan-security () kavi com]

Hello bugtraq,

There are buffer overflows in RealPlayer's header reading code.  To
my knowledge, no exploit has been developed for it, but it appears
possible.

Since the press already has a hold of it:
  http://www.newsbytes.com/news/02/173936.html

I might as well release this now.  The official advisory can be
found at:
  http://www.sentinelchicken.com/advisories/realplayer/

Real has told me there should be a patch out sometime after noon
tomorrow (Pacific time).

thanks,
tim
(Not a security expert.)