OS/Platform/Application:

Real Networks RealPlayer (on Mac and Windows systems)

Category: UPDATE
Severity: MEDIUM
Attention: RealPlayer users, System Administrators, Desktop Support Personnel.

Summary: Internet Security Resources are currently reporting the existence of four vulnerabilities in Real Networks' popular RealPlayer Media application.  The vulnerabilities can be exploited by a number of methods such as importing media libraries or handling certain types of media files.  If successful, exploitation could result in a range of unfavorable outcomes including exposure of personal information and complete takeover of a vulnerable computer.

Recommended Actions:  Some versions of Real Player are vulnerable to only one of these threats while other versions are vulnerable to all threats.  Real Networks have released a security advisory that details these vulnerabilities as well as provides instructions to update vulnerable versions of the program.  Users are encouraged to read the advisory (link provided below) for more information.

Some users may not know which version of RealPlayer is installed on their computer.  To determine the version on your omputer (Windows) open the application (usually Start>Programs>Real>RealPlayer) and then click Help>About RealPlayer from the top right toolbar.  Many versions of RealPlayer will have a button on the 'About' window that allows users to check for and install updates right away.  Users are encouraged to update to the latest version as soon as possible.

Readers are encouraged to share this alert with family, friends, and associates.

ITS Actions: N/A
Resources:

Real Networks Security Advisory (provides information on vulnerable versions):
http://service.real.com/realplayer/security/07252008_player/en/#Details

Secunia Advisory:
http://secunia.com/advisories/27620/