RealNetworks, Inc. Releases Update to Address Security Vulnerabilities.

Updated April 12, 2011

 

RealNetworks is making available product upgrades that contain security bug fixes. We have received no reports of any machines actually being compromised as a result of the now-remedied vulnerabilities.

RealNetworks always recommends upgrading your product to the most current version available to avoid security vulnerabilities. 



 

Current Software
The current versions of our Player software are not affected by these vulnerabilities.

| Software | Affected? | Operating System | Language |
|---|---|---|---|
| RealPlayer 14.0.3 | No | Windows XP, Vista, Win7 | All Supported |
| Mac RealPlayer 12.0.0.1548 | No | Mac OS X 10.3 – 10.6 | All Supported |
| RealPlayer Enterprise 2.1.5 | No | Windows XP, Vista, Win7 | English |
| Linux RealPlayer 11.0.2.2315 | No | Linux | English |

 

Affected Software
The table below contains a summary of which previous and current versions of the RealPlayer software are susceptible to these vulnerabilities. The columns and cells in green are the versions of each product where the issue does not occur or has been resolved.

 

| CVE Number | RealPlayer 11.0 – 11.1 | RealPlayer SP 1.0 – 1.1.5 | RealPlayer 14.0.0 – 14.0.2 | RealPlayer 14.0.3 | RealPlayer Enterprise 2.0 - 2.1.5 | Mac RealPlayer 11.0 - 12.0 | Linux RealPlayer 11.0 |
|---|---|---|---|---|---|---|---|
| CVE-2011-1426 | X | X | X | | | | |
| CVE-2011-1525 | X | X | X | | | | |

CVE Descriptions

 

CVE-2011-1426

RealPlayer Local HTML Files Remote Code Execution Cross Domain Scripting Vulnerability

Affected software: Windows RealPlayer 14.0.2 and prior.

Credit to Peter Vreugdenhil working with TippingPoint's Zero Day Initiative for reporting this issue.

 

CVE-2011-1525

RealPlayer IVR Parsing Heap Overflow Vulnerability

Affected Software: Windows RealPlayer 14.0.2 and prior.

 

 

Warranty:

RealNetworks Inc. endeavors to provide you with the highest quality products and services, but cannot guarantee, and does not warrant, that the operation of any RealNetworks product will be error-free, uninterrupted or secure. Please see your original license agreement for details of our limited warranty or warranty disclaimer.