RealNetworks, Inc. Releases Update to Address
Security Vulnerabilities.
Updated
January 27, 2011
RealNetworks is making available product
upgrades that contain security bug fixes. We have received no reports of any
machines actually being compromised as a result of the now-remedied
vulnerabilities.
RealNetworks always recommends upgrading your
product to the most current version available to avoid security vulnerabilities.
Current
Software
The current
versions of our Player software are not affected by these vulnerabilities.
|
Software |
Affected? |
Operating System |
Language |
|
RealPlayer
14.0.2 |
No |
Windows
XP, Vista, Win7 |
All
Supported |
|
Mac RealPlayer
12.0.0.1548 |
No |
Mac OS X
10.3 – 10.6 |
All
Supported |
|
RealPlayer
Enterprise 2.1.4 |
No |
Windows
XP, Vista, Win7 |
English |
|
Linux
RealPlayer 11.0.2.2315 |
No |
Linux |
English |
Affected
Software
The table below contains
a summary of which previous and current versions of the RealPlayer software are
susceptible to these vulnerabilities. The columns and cells in green are the
versions of each product where the issue has been resolved.
|
CVE Number |
RealPlayer |
RealPlayer SP 1.0 – 1.1.5 |
RealPlayer 14.0.0 – 14.0.1 |
RealPlayer 14.0.2 |
|
RealPlayer Enterprise 2.1.2-2.1.4 |
|
Mac RealPlayer 12.0 |
|
Linux RealPlayer 11.0 |
|
CVE-2010-4393 |
X |
X |
X |
|
|
|
|
|
|
|
CVE Descriptions
CVE-2010-4393
RealPlayer vidplin AVI Header Heap
Corruption Vulnerability
Affected
software: Windows RealPlayer 14.0.1 and prior
Credit to
Juan Pablo Lopez Yacubian working
with TippingPoint's Zero Day Initiative for reporting this issue.
Warranty:
RealNetworks Inc. endeavors to provide you with the highest quality products and
services, but cannot guarantee, and does not warrant, that the operation of any
RealNetworks product will be error-free,
uninterrupted or secure. Please see your original license agreement for details
of our limited warranty or warranty disclaimer.