Customer Support - RealOne Security Updates

	Customer Support Home
RealPlayer
Premium Subscriptions
Music Store
Rhapsody
RealArcade
Business Products

	My Account

RealNetworks Releases Security Update to Address RealOne Player Security Vulnerabilities.

Updated August 19 , 2003

The specific exploit was:

To operate remote Javascript or VBScript from the domain of the URL opened by a SMIL file.

Note: A small number of presentations may be disabled by this fix, for instance those that call javascript as an embedded event in an .RM file. In the stated example, it is recommended to move all javascript to a page that is opened with an embedded event via an http call. For further information or suggestions please refer to the RealNetworks Support Area which includes areas for documentation, community support and code samples.

While we have not received reports of anyone actually being attacked with this exploit, all security vulnerabilities are taken very seriously by RealNetworks. RealNetworks has found and fixed the problem.

Affected Software:

RealOne Player (English only), RealOne Player v2 for Windows (all language versions), and RealOne Enterprise Desktop (all versions, standalone and as configured by the RealOne Desktop Manager).

Workaround:

To ensure that your Player is protected, we recommend installing the updates available.

UPDATES

Windows Players:

RealOne Player (English Only) requires a full download to correct this issue. Please use the following steps to update your Player:

In the Tools menu select Check for Update.

Select the box next to the "RealOne Player" component.

Click the Install button to download and install the update.

RealOne Player v2 (all languages) customers please use the following steps to update your Player:

In the Tools menu select Check for Update.

Select the box next to the "Security Update – August 2003" component.

Click the Install button to download and install the update.

RealOne Enterprise Products:

Please click here to update your RealOne Desktop Manager.
Please click here to update your RealOne Enterprise Desktop

Acknowledgements:

RealNetworks would also like to acknowledge digitalpranksters and Krazy Snake for bringing this exploit to our attention as well as all those who subsequently worked with us to correct this security vulnerability.

Warranty:

While RealNetworks endeavors to provide you with the highest quality products and services, we cannot guarantee and do not warrant that the operation of any RealNetworks product will be error-free, uninterrupted or secure. See your original license agreement for details of our limited warranty or warranty disclaimer.