Real Player Security Vulnerabilities, Time to patch it ... again

Discussion in 'other security issues & news' started by the mul, Sep 29, 2004.

Thread Status:
Not open for further replies.
  1. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,704
    Location:
    scotland
    SECUNIA ADVISORY ID: SA12672

    TITLE: RealOne Player / RealPlayer / Helix Player Multiple Vulnerabilities

    VERIFY ADVISORY: http://secunia.com/advisories/12672/


    CRITICALITY: Highly Critical

    IMPACT: System access, Manipulation of data

    WHERE: From remote


    SOFTWARE AFFECTED:

    RealPlayer 8: http://secunia.com/product/665/
    RealPlayer 10: http://secunia.com/product/2968/
    RealOne Player v2: http://secunia.com/product/2378/
    RealOne Player v1: http://secunia.com/product/666/
    Helix Player 1.x: http://secunia.com/product/3970/
    RealPlayer Enterprise: http://secunia.com/product/3342/


    DESCRIPTION:

    Multiple vulnerabilities have been reported in RealOne Player, RealPlayer and Helix Player, which can be exploited by malicious people to compromise a user's system and delete files.

    1) An unspecified error when running local RM files can potentially be exploited to execute arbitrary code. This vulnerability has been reported in:




    RealPlayer 8 / 10 / 10.5 Beta (6.0.12.1016) / 10.5 (6.0.12.1040) / Enterprise on Windows


    RealOne Player v1, v2 on Windows


    Mac RealPlayer 10 Beta and Mac RealOne Player


    Linux RealPlayer 10 and Helix Player on Linux



    2) A problem with malformed calls can be exploited to execute arbitrary code by embedding the player on a malicious website and making specially crafted calls. The vulnerability has been reported in:




    RealPlayer 10 / 10.5 Beta (6.0.12.1016) / 10.5 (6.0.12.1040)


    RealOne Player v1, v2 on Windows.



    3) An unspecified error allows malicious websites and media files to delete arbitrary local files. The vulnerability has been reported in:




    RealPlayer 10 / 10.5 Beta (6.0.12.1016) / 10.5 (6.0.12.1040)


    RealOne Player v1, v2 on Windows.




    SOLUTION: Apply Updates (see the original Vendor Advisory below).

    ORIGINAL ADVISORY: http://www.service.real.com/help/faq/secur...0928_player/EN/


    THE MUL
     
  2. Brent

    Brent Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    71
    I havent used Real Player in years......
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.