RealNetworks, Inc. Releases Update to Address Security Vulnerabilities
Updated October 25, 2007
RealNetworks has issued a fix for a vulnerability identified as a malicious web page which affects the import method of an Active X control to cause a stack overflow in the Realplayer. CVE-2007-5601. This posting is applicable to versions of the product downloaded before October 25th, 2007.
RealPlayer 10.5 and RealPlayer 11 beta users should install the patch per the instructions below to address this security vulnerability that aims to cause buffer overflow that could provide the potential for an attacker to run arbitrary or malicious code on a user’s PC.
RealOne Player, RealOne Player v2 and RealPlayer 10 users should upgrade immediately to RealPlayer 10.5 or RealPlayer 11 beta following the instructions below.
For Windows XP, Windows 2000, Windows 98, Windows ME:
Macintosh and Linux versions of RealPlayer are not at risk for this vulnerability. In addition, RealPlayer 8 and earlier versions of RealNetworks software for Windows are not affected. We are committed to providing our customers with timely and comprehensive information about our software. As such, we encourage users to check this site periodically for the latest updates.
If you are on Windows Vista, please click here to go to download a new player from the web.
RealPlayer 10.5 and RealPlayer 11 beta customers can get a patch to correct this issue. Please click here or to update your Player.
RealOne Player (English only), RealOne Player V2 and RealPlayer 10 customers require a full download to correct this issue. Please click here or use the following steps to upgrade your Player:
Details for Potential Vulnerabilities: