|
ALARM Group ALERT ¿ click for a description of ALARM, The Computing Alert System
Alert Number: 032306-01
Alert Date: 03/23/06
Alert Title: RealNetworks releases updates for security Vulnerabilities
Update-to: None
OS/Platform/Application:
On Microsoft Windows systems:
RealPlayer 10.5 (6.0.12.1040-1348)
RealPlayer 10
RealOne Player v2
RealOne Player v1
RealPlayer 8
RealPlayer Enterprise
Rhapsody 3 (build 0.815 ¿ 1.0.269)
On Apple Mac systems:
Mac RealPlayer 10 (10.0.0.305 - 331)
Mac RealOne Player
On Linux systems:
Linux RealPlayer 10 (10.0.6)
Helix Player (10.0.6)
Linux RealPlayer 10 (10.0.0 - 5)
Helix Player (10.0.0 - 5)
Category: ALERT
Severity: MEDIUM
Attention: System Administrators, Desktop Support Personnel, RealNetworks product users |
Summary: On March 22 2006 RealNetworks released a document acknowledging the existence of four security vulnerabilities that can affect multiple versions of its popular line of RealPlayer, RealOne, Rhapsody and Helix media players. Exploitation of these vulnerabilities could result in remote code execution if an end-user opens a specially-crafted web page or media file. At the time of this writing (9AM EST 3/23/06) no publicly-available exploit for any of these vulnerabilities is known to exist. RealNetworks has released updates for products affected by these vulnerabilities.
Recommended Actions: Administrators of systems that use the above-listed RealNetworks products are encouraged to read the Security Update information (link provided below) and (if applicable) apply the update(s) as soon as possible.
ITS Actions: N/A
Resources:
RealNetworks Product update/vulnerability notice:
http://service.real.com/realplayer/security/03162006_player/en/
Secunia Advisory (provides good detail of vulnerabilities):
http://secunia.com/advisories/19358/
