RealNetworks, Inc. Releases Update to Address Security Vulnerabilities

The article gives step by step instructions for updating the affected software.

RealNetworks, Inc. has recently been made aware of security vulnerabilities that could potentially allow an attacker to run arbitrary code on a user’s machine.

The specific exploits were:

Exploit 1: To operate remote Javascript from the domain of the URL opened by a SMIL file or other file.
Exploit 2: To fashion RMP files which allow an attacker to download and execute arbitrary code on a user’s machine.
Exploit 3: To fashion media files to create “Buffer Overrun” errors.
While we have not received reports of anyone actually being attacked with this exploit, all security vulnerabilities are taken very seriously by RealNetworks. RealNetworks has found and fixed the problem.

Affected Software:

‘Exploit 1′ affects RealOne Player, RealOne Player v2 for Windows only (all languages), RealPlayer 10 Beta (English only) and RealOne Enterprise Desktop or RealPlayer Enterprise (all versions, standalone and as configured by the RealOne Desktop Manager or RealPlayer Enterprise Manager).

‘Exploit 2′ affects RealOne Player, RealOne Player v2 (all language versions, all platforms), and RealOne Enterprise Desktop or RealPlayer Enterprise (all versions, standalone and as configured by the RealOne Desktop Manager or RealPlayer Enterprise Manager).

‘Exploit 3′ affects RealOne Player and RealPlayer 8 (all language versions).

Workaround:

To ensure that your Player is protected, we recommend installing the updates available.”