Real Player Security Vulnerabilities, Time to patch it ... again

SECUNIA ADVISORY ID: SA12672

TITLE: RealOne Player / RealPlayer / Helix Player Multiple Vulnerabilities

VERIFY ADVISORY: http://secunia.com/advisories/12672/


CRITICALITY: Highly Critical

IMPACT: System access, Manipulation of data

WHERE: From remote


SOFTWARE AFFECTED:

RealPlayer 8: http://secunia.com/product/665/
RealPlayer 10: http://secunia.com/product/2968/
RealOne Player v2: http://secunia.com/product/2378/
RealOne Player v1: http://secunia.com/product/666/
Helix Player 1.x: http://secunia.com/product/3970/
RealPlayer Enterprise: http://secunia.com/product/3342/


DESCRIPTION:

Multiple vulnerabilities have been reported in RealOne Player, RealPlayer and Helix Player, which can be exploited by malicious people to compromise a user's system and delete files.

1) An unspecified error when running local RM files can potentially be exploited to execute arbitrary code. This vulnerability has been reported in:




RealPlayer 8 / 10 / 10.5 Beta (6.0.12.1016) / 10.5 (6.0.12.1040) / Enterprise on Windows


RealOne Player v1, v2 on Windows


Mac RealPlayer 10 Beta and Mac RealOne Player


Linux RealPlayer 10 and Helix Player on Linux



2) A problem with malformed calls can be exploited to execute arbitrary code by embedding the player on a malicious website and making specially crafted calls. The vulnerability has been reported in:




RealPlayer 10 / 10.5 Beta (6.0.12.1016) / 10.5 (6.0.12.1040)


RealOne Player v1, v2 on Windows.



3) An unspecified error allows malicious websites and media files to delete arbitrary local files. The vulnerability has been reported in:




RealPlayer 10 / 10.5 Beta (6.0.12.1016) / 10.5 (6.0.12.1040)


RealOne Player v1, v2 on Windows.




SOLUTION: Apply Updates (see the original Vendor Advisory below).

ORIGINAL ADVISORY: http://www.service.real.com/help/faq/secur...0928_player/EN/


THE MUL

 

I havent used Real Player in years......