RealPlayer Buffer Overflow

RealPlayer Denial of Service
Reported April 4, 2000 by
Adam Muntner
  • RealPlayer v6 and v7


There is a buffer overflow in the Win32 RealPlayer Basic client, versions 6 and 7. This appears to occur when more than 299 characters are entered as a "location" to play. 

By using the HTML "EMBED" tag to embed RealPlayer in a web page and setting the "AUTOSTART=true" flag, RealPlayer can be forced to start automatically when the page loads, thereby triggering the overflow condition.
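The following is an added example, not part of Adam Muntner's advisory or any Real code. It builds a constructed test page of the shape described above (an EMBED tag with AUTOSTART set and a SRC longer than 299 characters, pointing at the hypothetical host example.invalid) and runs a simple scanner that flags such tags in HTML, the kind of check a proxy or mail gateway filter could apply. The 299-character threshold is taken from the advisory; everything else (host name, function names) is an assumption for illustration.

```python
from html.parser import HTMLParser

# Threshold from the advisory: a "location" longer than 299 characters
# crashes the RealPlayer 6/7 Basic client.
MAX_SAFE_LOCATION = 299


class EmbedScanner(HTMLParser):
    """Collect EMBED tags whose SRC exceeds the safe length, noting AUTOSTART.

    HTMLParser lower-cases tag and attribute names, so <EMBED AUTOSTART=true>
    and <embed autostart="true"> are handled identically.
    """

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "embed":
            return
        attr = {k: (v or "") for k, v in attrs}
        src = attr.get("src", "")
        autostart = attr.get("autostart", "").strip().lower() == "true"
        if len(src) > MAX_SAFE_LOCATION:
            self.findings.append({
                "src_len": len(src),
                "autostart": autostart,     # true => triggers without a click
                "type": attr.get("type", ""),
            })


def scan_html(html):
    """Return a list of findings for every over-long EMBED SRC in the page."""
    parser = EmbedScanner()
    parser.feed(html)
    parser.close()
    return parser.findings


def build_test_page(location_len, autostart=True):
    """Constructed sample page (hypothetical host) reproducing the described trigger.

    The SRC is padded with 'A' characters so that its total length is exactly
    location_len, making it easy to test the threshold from both sides.
    """
    prefix = "http://example.invalid/"
    location = prefix + "A" * max(0, location_len - len(prefix))
    flag = "true" if autostart else "false"
    return (
        "<html><body>\n"
        f'<EMBED SRC="{location}" AUTOSTART={flag} WIDTH=1 HEIGHT=1>\n'
        "</body></html>\n"
    )


if __name__ == "__main__":
    for n in (299, 300):
        hits = scan_html(build_test_page(n))
        print(f"SRC length {n}: {len(hits)} finding(s) {hits}")
```

Note that this only inspects the SRC attribute of the page itself; a RealPlayer "location" can also arrive by other routes (a linked metafile, for instance), so an attribute-length check is a heuristic, not a complete filter. It does, however, catch the exact pattern the advisory describes, and the AUTOSTART flag tells you whether the page would fire without user interaction.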

While I have not taken the time to find the proper entrance point in PNEN3260.DLL (which is what crashes, for example, in RealPlayer 6 Basic), it appears that arbitrary code could be executed simply by visiting a web page with the malicious embedded RealPlayer tags, provided of course you've left your browser unprotected by allowing ActiveX, Java, and other dangerous mobile code to execute.


Load the patched RealPlayer once it is released. In the meantime, seriously consider disabling ActiveX in your browsers.


A response from Real was unknown at the time of this writing.

Reported by
Adam Muntner
