A buffer overflow flaw was discovered in the way RealPlayer and HelixPlayer handle the wallclock variable in Synchronized Multimedia Integration Language (SMIL) files. More information regarding this flaw can be found here: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547
Note the latest realplayer for Linux from real.com, version 10.0.8.805 segfaults using the reproducer.
Created attachment 158016 [details] Patch created by Chris Aillon
still no update from Real, 10.0.8.805 is latest available
still no update from Real, 10.0.8.805 is latest available on their site
The Real security page hasn't been updated with the new build, but if you visit www.real.com and download the Linux version you get 10.0.9.809 and the version release notes include: What's New in 10.0.9.809 Security bugs fixes. That's good enough for me, pushing update RHSA-2007:0841
Fix was now publicly announced by RealNetworks: http://service.real.com/realplayer/security/10252007_player/en/ Vulnerability 3: The identified vulnerability is a malicious SMIL file which could cause a buffer overflow in the RealPlayer. CVE-2007-3410