RealNetworks undertakes comprehensive security review to address buffer overrun exploit vulnerabilities in RealOne Player.

December 11, 2002

RealNetworks' engineers are working with industry security professionals to verify and fix recently identified "buffer overrun" errors in the RealOne Player. These kinds of errors could potentially allow an attacker to run arbitrary code on a user's machine. RealNetworks has received no reports of any attacks of this kind.

RealNetworks takes all potential vulnerabilities very seriously. In addition to verifying and fixing the reported vulnerabilities, RealNetworks has undertaken a comprehensive review of all of the RealOne Player code to reduce the possibility that any vulnerabilities remain. An update of the RealOne Player that contains identified fixes will be available by December 25, 2002 at this location and from within the player. In the player, go to Tools/Check for Updates.