RealNetworks, Inc. Releases Update to Address Security Vulnerabilities.

Updated December 20, 2013

 

RealNetworks is making available product upgrades that contain security bug fixes.  We have received no reports
of any machines actually being compromised as a result of the now-remedied vulnerabilities.  RealNetworks always
recommends upgrading your product to the most current version available to avoid security vulnerabilities. 



Current Software

The current versions of our Player software are not affected by these vulnerabilities.

Software

Operating System

Languages

RealPlayer 17.0.4.61

Windows XP through Windows 8

All Released

Mac RealPlayer 12.0.1.1738

Mac OS X 10.3 - 10.8.2

All Released


Affected Software

The table below contains a summary of which previous and current versions of the RealPlayer software are susceptible
to these vulnerabilities. The columns and cells in green are the versions of each product where the issue has been resolved. 

CVE Number

Windows

RealPlayer 17.0.4.61

All Previous Versions

Mac
RealPlayer 12.0.1.1738

All Previous Versions

CVE-2013-6877

 

X

 

 

CVE-2013-7260

 

X

 

 

 
CVE Descriptions 

CVE-2013-6877 and CVE-2013-7260 - RealPlayer - Stack buffer or heap overflow in RealPlayer when handling modified RMP files.
Affected software: Windows RealPlayer 17.0.2.206 and prior.
Credit to Ricardo Narvaja from Core Security Exploit Writers Team and Gabor Seljan with CERT(R) Coordination Center for reporting these issues.


Warranty:

RealNetworks Inc. endeavors to provide you with the highest quality products and services, but cannot guarantee, and
does not warrant, that the operation of any RealNetworks product will be error-free, uninterrupted or secure. Please
see your original license agreement for details of our limited warranty or warranty disclaimer.