RealPlayer contains multiple stack-based buffer overflow vulnerabilities (CVE-2013-7260). These flaws allow remote attackers to execute arbitrary code and take complete control of the system. RealPlayer versions before 18.104.22.168 on Windows systems are affected. The flaw can be mitigated using patch management software.
The RealPlayer vulnerability stems from the way the ‘version’ and ‘encoding’ attributes in the XML declaration of an RMP (RIFF MP3 Audio File) file are handled. Malicious data in the ‘version’ or ‘encoding’ attribute of the declaration results in a crash or in execution of arbitrary code. It is therefore essential to have a vulnerability management tool.
In the RealPlayer vulnerability (CVE-2013-7260), oversized input in the ‘version’ attribute leads to a stack-based buffer overflow, so a carefully crafted malicious value can result in execution of arbitrary code.
So the return instruction 641930CA will jump to 0012FDE4 (the stack) where our calculator shellcode is located.
If an attacker sends you a crafted RMP file and you open it in RealPlayer, or you visit a website that hosts a malicious RMP file, the attacker could take complete control of your system.
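Because the overflow is triggered by the ‘version’ and ‘encoding’ values in the XML declaration, a mail or web gateway can inspect incoming RMP files before they reach the player. The check below is an added example, not code from the original page or from RealPlayer; the function name, the length ceilings and the sample bytes are assumptions constructed for illustration.

```python
import re

# Value grammars from the XML 1.0 specification (VersionNum, EncName).
VALID = {
    b"version": re.compile(rb"1\.[0-9]+\Z"),
    b"encoding": re.compile(rb"[A-Za-z][A-Za-z0-9._-]*\Z"),
}
# Assumed ceilings (not from the advisory): real values look like "1.0", "UTF-8".
MAX_VALUE_LEN = 40
MAX_DECL_LEN = 128

DECL_RE = re.compile(rb"<\?xml\s(.*?)\?>", re.DOTALL)
ATTR_RE = re.compile(rb"""([A-Za-z]+)\s*=\s*(?:"([^"]*)"|'([^']*)')""")


def check_rmp_declaration(data: bytes, window: int = 1 << 20) -> list[str]:
    """Return findings for the XML declaration of an RMP file (empty = clean)."""
    head = data[:window]
    m = DECL_RE.search(head)
    if m is None:
        # A declaration that opens but never closes is itself suspicious.
        opened = re.search(rb"<\?xml\s", head)
        return ["XML declaration is not terminated inside the scan window"] if opened else []
    body = m.group(1)
    findings = []
    if len(body) > MAX_DECL_LEN:
        findings.append(f"declaration is {len(body)} bytes long")
    for name, dq, sq in ATTR_RE.findall(body):
        rule = VALID.get(name)
        if rule is None:
            continue  # only the two attributes named in the advisory are checked
        value = dq or sq
        if len(value) > MAX_VALUE_LEN:
            findings.append(f"{name.decode()} value is {len(value)} bytes long")
        elif not rule.match(value):
            findings.append(f"{name.decode()} value is not valid XML syntax")
    return findings


# Constructed samples, not real files.
BENIGN = b'<?xml version="1.0" encoding="UTF-8"?>\n<data/>\n'
OVERLONG = b'<?xml version="' + b"1" * 4096 + b'" encoding="UTF-8"?>\n<data/>\n'
BAD_SYNTAX = b'<?xml version="1.0" encoding="UTF-8\x90\x90"?>\n<data/>\n'
UNTERMINATED = b'<?xml version="' + b"1" * 4096

if __name__ == "__main__":
    for label in ("BENIGN", "OVERLONG", "BAD_SYNTAX", "UNTERMINATED"):
        print(label, check_rmp_declaration(globals()[label]))
```

Any non-empty result is a reason to quarantine the file rather than hand it to an unpatched player.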