Real Player Security Vulnerabilities, Time to patch it ... again

Discussion in 'other security issues & news' started by the mul, Sep 29, 2004.

Thread Status:
Not open for further replies.
  1. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    SECUNIA ADVISORY ID: SA12672

    TITLE: RealOne Player / RealPlayer / Helix Player Multiple Vulnerabilities

    VERIFY ADVISORY: http://secunia.com/advisories/12672/


    CRITICALITY: Highly Critical

    IMPACT: System access, Manipulation of data

    WHERE: From remote


    SOFTWARE AFFECTED:

    RealPlayer 8: http://secunia.com/product/665/
    RealPlayer 10: http://secunia.com/product/2968/
    RealOne Player v2: http://secunia.com/product/2378/
    RealOne Player v1: http://secunia.com/product/666/
    Helix Player 1.x: http://secunia.com/product/3970/
    RealPlayer Enterprise: http://secunia.com/product/3342/


    DESCRIPTION:

    Multiple vulnerabilities have been reported in RealOne Player, RealPlayer and Helix Player, which can be exploited by malicious people to compromise a user's system and delete files.

    1) An unspecified error when running local RM files can potentially be exploited to execute arbitrary code. This vulnerability has been reported in:




    RealPlayer 8 / 10 / 10.5 Beta (6.0.12.1016) / 10.5 (6.0.12.1040) / Enterprise on Windows


    RealOne Player v1, v2 on Windows


    Mac RealPlayer 10 Beta and Mac RealOne Player


    Linux RealPlayer 10 and Helix Player on Linux



    2) A problem with malformed calls can be exploited to execute arbitrary code by embedding the player on a malicious website and making specially crafted calls. The vulnerability has been reported in:




    RealPlayer 10 / 10.5 Beta (6.0.12.1016) / 10.5 (6.0.12.1040)


    RealOne Player v1, v2 on Windows.



    3) An unspecified error allows malicious websites and media files to delete arbitrary local files. The vulnerability has been reported in:




    RealPlayer 10 / 10.5 Beta (6.0.12.1016) / 10.5 (6.0.12.1040)


    RealOne Player v1, v2 on Windows.




    SOLUTION: Apply Updates (see the original Vendor Advisory below).

    ORIGINAL ADVISORY: http://www.service.real.com/help/faq/secur...0928_player/EN/


    THE MUL
     
  2. Brent

    Brent Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    71
    I havent used Real Player in years......
     
Loading...
Thread Status:
Not open for further replies.