Hello bugtraq, There are buffer overflows in RealPlayer's header reading code. To my knowledge, no exploit has been developed for it, but it appears possible. Since the press already has a hold of it: http://www.newsbytes.com/news/02/173936.html I might as well release this now. The official advisory can be found at: http://www.sentinelchicken.com/advisories/realplayer/ Real has told me there should be a patch out sometime after noon tomorrow (Pacific time). thanks, tim (Not a security expert.)
