eEye Digital Security has reported two vulnerabilities in RealPlayer, RealOne, and HelixPlayer, which can be exploited by malicious people to compromise a user’s system.

The vulnerability has been reported in following versions:

• RealPlayer 10.5 (6.0.12.1040-1235) (Windows)

• RealPlayer 10 (Windows)
• RealOne Player v1 (Windows)
• RealOne Player v2 (Windows)
• RealPlayer 8 (Windows)
• RealPlayer Enterprise versions 1.1, 1.2, 1.5, 1.6 and 1.7 (Windows)
• RealPlayer 10 (10.0.0.305 - 331) (Mac)
• RealPlayer 10 (10.0.0 - 10.0.5) (Linux)
• Helix Player (10.0.0 - 10.0.5) (Linux)

Solution: Update to the fixed versions.

Windows Platform

• RealPlayer 10.5 / RealOne Player v1 (English only) / RealOne Player v2 / RealPlayer 10: Update to the latest version via “Check for Update” on the “Tools” menu, or download patch from vendor’s Web site.

• RealPlayer 8 (version 6.0.9.584): Update to the latest version via “Check for Update” on the “Help” menu, or download patch from vendor’s Web site.
• RealPlayer Enterprise: Apply patch.

Mac OS X Platform

• RealPlayer 10: Update to the latest version via “Check for Update” on the “RealPlayer” menu.

• RealOne Player for Mac OS X users need to upgrade to RealPlayer 10 for Mac OS X and then apply the update.

Linux Platform

• RealPlayer 10 for Linux

• Helix Player for Linux

[Continue reading Secunia Advisory SA17514]

[tags]buffer overflow,realplayer,realone,helixplayer,secunia[/tags]