Alert Number:  102207-01
Alert Date:  10/22/07
Alert Title:  Update addresses critical vulnerability in RealPlayer
Update-to:  none
OS/Platform/Application:  RealNetworks RealPlayer versions 10.5 and 11 (beta) on Windows systems
Category:  ALERT
Severity:  HIGH
Attention:  System Administrators, Desktop Support Personnel, RealPlayer users

Summary:  Numerous Internet security-related agencies are reporting the existence of a vulnerability in RealNetworks' popular RealPlayer media application that can allow a system to be taken over by an attacker.  The most likely vector of exploit would be the visitation of a specifically-crafted web page.

A patch has been made available from RealNetworks to address this vulnerability.  Exploit code for this vulnerability has been made publically available and active exploit activity is currently being reported from various security-related agencies so it is important to patch vulnerable systems as soon as possible.

Recommended Actions:  Persons who manage, maintain or use RealPlayer are encouraged to read the update information (including any associated caveats, system requirements, etc) and (if appropriate) apply the upgrade immediately as per the instructions provided by the vendor.  Readers are encouraged to share this alert with family, friends, and associates who may use RealPlayer on their home PCs.

ITS Actions:  At this time, ITS is taking no specific additional actions to address this software update release.

Resources:

RealPlayer Security update information link:
http://service.real.com/realplayer/security/191007_player/en/

FrSirt advisory:
http://www.frsirt.com/english/advisories/2007/3548

Secunia advisory:
http://secunia.com/advisories/27248/