TITLE:
RealOne Insecure Temporary Files

SECUNIA ADVISORY ID:
SA10032

VERIFY ADVISORY:
http://www.secunia.com/advisories/10032/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

SOFTWARE:
RealOne Player v2
RealOne Player v1
RealOne Enterprise Desktop
RealOne Desktop Manager

DESCRIPTION:
A vulnerability has been identified in RealOne Player allowing
malicious, local users to escalate their privileges.

The problem is caused due to insecure creation of temporary files,
which allows malicious users to manipulate URLs or embed scripts when
the player launches the default browser.

The vulnerability affects RealOne Player, RealOne Player v2, RealOne
Player for Mac OSX, and RealOne Enterprise Desktop.

SOLUTION:
Updated versions are available:

RealOne Player:
Use the "Check for Update" function.

RealOne Desktop Manager:
http://licensekey.realnetworks.com/rnforms/products/tools/rdm/index.html

RealOne Enterprise Desktop:
http://forms.real.com/rnforms/products/tools/red/index.html

NOTE: These updates also fixes the SMIL Cross Site Scripting
vulnerability:
SA9584

REPORTED BY / CREDITS:
Krazy Snake

ORIGINAL ADVISORY:
http://www.service.real.com/help/faq/security/securityupdate_october2003.html

OTHER REFERENCES:
SA9584:
http://www.secunia.com/advisories/9584/

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web  : http://www.secunia.com/
E-mail  : support@secunia.com
Tel  : +45 7020 5144
Fax  : +45 7020 5145

----------------------------------------------------------------------