RealNetworks RealPlayer Multiple Vulnerabilities (Win)

Summary
This host is installed with RealPlayer which is prone to multiple vulnerabilities.
Impact
Successful exploitation will let the attacker execute arbitrary codes within the context of the application and can cause heap overflow or allow remote code execution.
Solution
Upgrade to RealPlayer SP version 1.1.5, For updates refer to http://www.real.com/player
Insight
The multiple flaws are due to, - An error in the handling of dimensions during 'YUV420' transformations, which allows attackers to execute arbitrary code via crafted MP4 content. - An integer overflow error in the handling of crafted QCP file. - A heap-based buffer overflow when handling large size values in 'QCP' audio content. - An integer overflows in the 'ParseKnownType()' function, which allows attackers to execute arbitrary code via crafted 'HX_FLV_META_AMF_TYPE_MIXEDARRAY' or 'HX_FLV_META_AMF_TYPE_ARRAY' data in an FLV file. - An unspecified error in an ActiveX control in the Internet Explorer (IE) plugin, has unknown impact and attack vectors related to 'multiple browser windows.'
Affected
RealPlayer SP 1.0 to 1.1.4 (12.x) RealNetworks RealPlayer SP 11.0 to 11.1 on Windows platform.
References