Customer Support - Real Security Updates

	Customer Support Home
RealPlayer
SuperPass
RealArcade
Business Products

	My Account

RealNetworks, Inc. Releases Update to Address Security Vulnerabilities.

Updated September 30, 2005

RealNetworks, Inc. has addressed recently discovered a security vulnerability that offered the potential for an attacker to run arbitrary or malicious code on a customer's machine. RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerability. RealNetworks takes all security vulnerabilities very seriously.

Affected Software: (see BLUE below)

Windows

Software Affected? Language Update Available?

RealPlayer 10.5 (6.0.12.1040-1235) No All supported Not required

RealPlayer 10 No All supported Not required

RealOne Player v2 No All supported Not required

RealOne Player v1 No English Not required

RealPlayer 8 No All supported Not required

RealPlayer Enterprise No English Not required

Note: To see your Player version number (6.0.x.xxxx), select Help > About in the Player menus.

Software Affected? Language Update Available?

Rhapsody 3 (build 0.815 - 0.1141) No All supported Not required

Rhapsody 2 No All supported Not required

Note: To see your Rhapsody version number (build 0.xxx), select Help > About in the Rhapsody menu.

Mac

Software Affected? Language Update Available?

Mac RealPlayer 10 (10.0.0.305 - 331) No All Supported Not required

Mac RealOne Player No English Not required

Note: To see your Player version number (10.0.0.xxx), select About in the RealPlayer menu.

Linux

Software Affected? Language Update Available?

Linux RealPlayer 10 (10.0.6) No All Provided Not required

Helix Player (10.0.6) No All Provided Not required

Linux RealPlayer 10 (10.0.0 - 5) Yes All Provided Requires upgrade

Helix Player (10.0.0 - 5) Yes All Provided Requires upgrade

Note: To see your Player version number (10.0.0.xxx), select Help > About in the Player menu.

Handheld Devices

Software Affected? Language Update Available?

Nokia Series60 Handsets No English Not Required

RealPlayer for Palm No English Not Required

RealOne Player for Palm No English Not Required

Workaround:

To ensure that your Player is protected, we recommend installing the available updates:

UPDATES

Linux Players:

Please click here to get an updated RealPlayer 10 for Linux.
Please click here to get an updated Helix Player for Linux.

Exploit Specifics:

To fashion a malicious RealPix file to cause a heap overflow which could have allowed an attacker to execute arbitrary code on a customer's machine.

Acknowledgements:

RealNetworks would like to acknowledge iDEFENSE Labs and others for bringing these exploits to our attention as well as those who subsequently worked with RealNetworks to correct the vulnerabilities.

Warranty:

RealNetworks Inc. endeavors to provide you with the highest quality products and services, but cannot guarantee, and does not warrant, that the operation of any RealNetworks product will be error-free, uninterrupted or secure. Please see your original license agreement for details of our limited warranty or warranty disclaimer.