+++ This bug was initially created as a clone of Bug #159871 +++
This vulnerability involved a complex interaction between a maliciously created SMIL file and a specifically crafted web server that caused a heap overflow in the error message processing for RealText, which could have allowed an attacker to execute arbitrary code on a customer's machine. This issue also affects HelixPlayer.
This issue will have to be fixed in FC4 as well.
RHEL-4 built and symlinked HelixPlayer-1.0.5-0.EL4.1
FC-3 & 4 build. I will have Colin push these as I will be away when the embargo is lifted.