RealPlayer, developed by RealNetworks Inc., is an application for playing various media formats. When RealPlayer processes the Synchronized Multimedia Integration Language (SMIL) file format, a stack-based buffer overflow can occur and cause the vulnerable host to open a local TCP port that waits for connections from foreign IP addresses. By successfully connecting to the newly opened local TCP port, a malicious attacker can take full control of a vulnerable computer and run arbitrary code on it.
To exploit this vulnerability, an attacker first needs to craft a malformed .smil file and dupe a user into opening it. An attacker could also place a malformed .smil file on a web server and publish links to it. By default, when RealPlayer users open a .smil file with Internet Explorer, they will not see any alerts and the malicious .smil file will be opened without any delay, which makes exploitation more effective.
BroadWeb Security Service Team (BSST) has released countermeasure signatures in signature version 2.80, which includes:
# 1051806_ EXPLOIT RealPlayer SMIL File Handling Buffer Overflow
NetKeeper users are urged to upgrade their signature patterns to version 2.80 or later in order to thwart these attacks.
(BSST, BroadWeb Security Service Team)