RealNetworks, Inc. Releases Update to Address Security Vulnerabilities

RealNetworks, Inc. has addressed recently discovered security vulnerabilities that offered the potential for an attacker to run arbitrary or malicious code on a customer's machine. RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities. RealNetworks takes all security vulnerabilities very seriously.

RealNetworks would like to acknowledge John Heasman of NGS Software, and eEye Digital Security for bringing these exploits to our attention as well as those who subsequently worked with RealNetworks to correct the vulnerabilities.

For complete details and list of affected version and products, please go to http://service.real.com/help/faq/security/051110_player/EN/

Security Patch Update For Realplayer Enterprise

RealNetworks, Inc. has recently discovered security vulnerabilities that offered the potential for an attacker to run arbitrary or malicious code on a customer's machine. RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities. RealNetworks takes all security vulnerabilities very seriously.

The specific exploits were:

Exploit 1: To fashion a malicious skin file to cause a stack overflow which could have allowed an attacker to execute arbitrary code on a customer's machine.
Exploit 2: To fashion a malicious RealMedia file which could have caused stack overflow to allow an attacker to execute arbitrary code on a customer's machine.
Exploit 3: To fashion a malicious skin file to cause a stack overflow which could have allowed an attacker to execute arbitrary code on a customer's machine. The buffer overrun was designed to occur in a 3rd-party compression library.
Impacted Products and Versions:
This affects versions 1.1, 1.2, 1.5, 1.6 and 1.7 of RealPlayer Enterprise (standalone and as configured by the RealPlayer Enterprise Manager).

Workaround
To ensure that your Player is protected, we recommend installing the available update.

http://service.real.com/help/faq/security/security111005.html