<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Customer Support - Real Security Updates</title>
<p class="majorheader">RealNetworks, Inc. Releases Update to Address Security
Vulnerabilities.</p>
<p>Updated September 28, 2004</p>
<P>
RealNetworks Inc. has recently been made aware of security vulnerabilities that could potentially allow an attacker to run arbitrary or malicious code on a user's machine. While we have not received reports of anyone actually being attacked with this exploit, all security vulnerabilities are taken very seriously by RealNetworks Inc. Real has found and fixed the problem.
<br><br>
The specific exploits were:
<ul>
<li><b>Exploit 1</b>: To fashion an RM file which corrupts the Player when run from a local drive and which might allow an attacker to execute arbitrary code on a user's machine.</li>
<li><b>Exploit 2</b>: To fashion a web page with malformed calls, corrupting the embedded Player, and which might allow an attacker to execute arbitrary code on a user's machine.</li>
<li><b>Exploit 3</b>: To fashion a web page and a media file to allow deletion of a file in a path known to the attacker.</li>
</ul>
<P><b>Affected Software:</b></p>
<blockquote>
<b>Windows</b><br />
<table cellpadding="2" cellspacing="1" border="0" bgcolor="#000000">
<tr>
<td width="280" bgcolor="#FFFFFF" style="padding-left: 4px;"><b>Software</b></td>
<td width="120" bgcolor="#FFFFFF" style="padding-left: 4px;"><b>Affected?</b></td>
<td width="140" bgcolor="#FFFFFF" style="padding-left: 4px;"><b>Language</b></td>
<td width="150" bgcolor="#FFFFFF" style="padding-left: 4px;"><b>Update Available?</b></td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">RealPlayer 10.5 (6.0.12.1053)</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">No</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">All Supported</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">Not required</td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">RealPlayer 10.5 (6.0.12.1040)</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;"><font color="#0000FF">Yes</font></td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">English</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">Requires upgrade</td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">RealPlayer 10.5 Beta (6.0.12.1016)</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;"><font color="#0000FF">Yes</font></td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">English</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">Requires upgrade</td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">RealPlayer 10</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;"><font color="#0000FF">Yes</font></td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">All Supported</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">Requires upgrade</td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">RealOne Player v1, v2</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;"><font color="#0000FF">Yes</font></td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">All Supported</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">Requires upgrade</td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">RealPlayer 8</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;"><font color="#0000FF">By #1</font></td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">All Supported</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">Requires upgrade</td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">RealPlayer Enterprise</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;"><font color="#0000FF">By #1</font></td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">English</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">Yes</td>
</tr>
</table>
<table cellpadding="2" cellspacing="0" border="0">
<tr>
<td width="710" style="padding-left: 4px;"><p>Note: To see your Player version number (6.0.12.xxxx), select <b>Help &gt; About</b> in the Player menus.</p></td>
</tr>
</table>
<br />
<b>Mac</b><br />
<table cellpadding="2" cellspacing="1" border="0" bgcolor="#000000">
<tr>
<td width="280" bgcolor="#FFFFFF" style="padding-left: 4px;"><b>Software</b></td>
<td width="120" bgcolor="#FFFFFF" style="padding-left: 4px;"><b>Affected?</b></td>
<td width="140" bgcolor="#FFFFFF" style="padding-left: 4px;"><b>Language</b></td>
<td width="150" bgcolor="#FFFFFF" style="padding-left: 4px;"><b>Update Available?</b></td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">Mac RealPlayer 10</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">No</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">All Supported</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">Not required</td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">Mac RealPlayer 10 Beta</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;"><font color="#0000FF">By #1</font></td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">English</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">Requires upgrade</td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">Mac RealOne Player</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;"><font color="#0000FF">By #1</font></td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">English</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">Yes</td>
</tr>
</table>
<br />
<b>Linux</b><br />
<table cellpadding="2" cellspacing="1" border="0" bgcolor="#000000">
<tr>
<td width="280" bgcolor="#FFFFFF" style="padding-left: 4px;"><b>Software</b></td>
<td width="120" bgcolor="#FFFFFF" style="padding-left: 4px;"><b>Affected?</b></td>
<td width="140" bgcolor="#FFFFFF" style="padding-left: 4px;"><b>Language</b></td>
<td width="150" bgcolor="#FFFFFF" style="padding-left: 4px;"><b>Update Available?</b></td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">Linux RealPlayer 10</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;"><font color="#0000FF">By #1</font></td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">English</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">Yes</td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">Helix Player</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;"><font color="#0000FF">By #1</font></td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">English</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">Yes</td>
</tr>
</table>
<br />
<b>Handheld Devices</b><br />
<table cellpadding="2" cellspacing="1" border="0" bgcolor="#000000">
<tr>
<td width="280" bgcolor="#FFFFFF" style="padding-left: 4px;"><b>Software</b></td>
<td width="120" bgcolor="#FFFFFF" style="padding-left: 4px;"><b>Affected?</b></td>
<td width="140" bgcolor="#FFFFFF" style="padding-left: 4px;"><b>Language</b></td>
<td width="150" bgcolor="#FFFFFF" style="padding-left: 4px;"><b>Update Available?</b></td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">Nokia Series60 Handsets</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">No</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">English</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">Not Required</td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">Helix Player for Symbian</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">No</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">English</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">Not Required</td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">RealPlayer for Palm</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">No</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">English</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">Not Required</td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">RealOne Player for Palm</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">No</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">English</td>
<td bgcolor="#FFFFFF" style="padding-left: 4px;">Not Required</td>
</tr>
</table>
</blockquote>
<br />
<P><b>Workaround:</b></p>
<blockquote>
<p>To ensure that your Player is protected, we recommend installing the available updates.</p>
</blockquote>
<br />
<P><b>UPDATES</b></p>
<br />
<P><b>Windows Players:</b></p>
<blockquote>
<p>RealOne Player (English only), RealOne Player v2, RealPlayer 10, and RealPlayer 10.5 (English only) require a full download to correct this issue:</p>
<ol>
<li>In the <b>Tools</b> menu select <b>Check for Update</b>. </li>
<li>Select the box next to the "RealPlayer 10.5 with Harmony™ Technology" component.</li>
<li>Click <b>Install</b> to download and install the update. </li>
</ol>
<p>RealPlayer 8 (version 6.0.9.584):</p>
<ol>
<li>Go to the <b>Help</b> menu. </li>
<li>Select <b>Check for Update</b>. </li>
<li>Select the box next to the "RealPlayer 10.5 with Harmony™ Technology" component.</li>
<li>Click <b>Install</b> to download and install the update. </li>
<li>Then, follow the steps outlined above for RealPlayer 10 to add any additional security fixes. </li>
</ol>
</blockquote>
<p><b>RealPlayer Enterprise Solution:</b></p>
<blockquote>
<p>Please <a href="http://www.realnetworks.com/info/rpem-rpe-1.7/index.html">click here</a> to get a patch for your RealPlayer Enterprise.</p>
</blockquote>
<p><b>RealOne Player for Mac OS X Players:</b></p>
<blockquote>
<p>Mac OS X 10.2 and later:<br />
Please <a href="http://www.real.com/upgrade/mac_upgrade.html">click here</a> to get the latest RealPlayer 10 for Mac OS X.</p>
<p>Mac OS X 10.1:<br />
Please <a href="http://forms.real.com/real/player/blackjack.html">click here</a> to get an updated RealOne Player for Mac OS X.</p>
</blockquote>
<p><b>Linux Players:</b></p>
<blockquote>
<p>Please <a href="http://www.real.com/linux">click here</a> to get an updated RealPlayer 10 for Linux.</p>
<p>Please <a href="http://player.helixcommunity.org/downloads/">click here</a> to get an updated Helix Player for Linux.</p>
</blockquote>
<p><b>Acknowledgements:</b></p>
<blockquote>
<p>
RealNetworks would also like to acknowledge John Heasman, eEye Digital Security, as well as other contributors for bringing these exploits to our attention and to all those who subsequently worked with us to correct the vulnerabilities.
</p>
</blockquote>
<p><b>Warranty:</b></p>
<blockquote>
<p>
While RealNetworks Inc. endeavors to provide you with the highest quality products and services, we cannot guarantee and do not warrant that the operation of any Real product will be error-free, uninterrupted or secure. See your original license agreement for details of our limited warranty or warranty disclaimer.<br>
</p>
</blockquote>