RealNetworks, Inc. Releases Update to Address Security Vulnerability.
Updated April 6th, 2004
RealNetworks Inc. has recently been made aware of a security vulnerability that could potentially allow an attacker to run arbitrary code on a user's machine.
The specific exploit was:
- To fashion an R3T media file to create a “Buffer Overrun” error.
While we have not received reports of anyone actually being attacked with this exploit and though the percentage of players with this plug-in is very small, all security vulnerabilities are taken very seriously by RealNetworks Inc. Real has found and fixed the problem.
Affected Software:
The following software is vulnerable only if users have taken a past action to download the specialized R3T plug-in. This exploit affects RealPlayer 8, RealOne Player, RealOne Player v2 for Windows only (all languages), RealPlayer 10 Beta (English only) and RealPlayer Enterprise (all versions, standalone and as configured by the RealPlayer Enterprise Manager).
RealPlayer 10 Gold is not vulnerable as the affected component, if present, is removed during installation.
Workaround:
To ensure that your Player is protected, we recommend installing the available update, which will remove the vulnerable plug-in.
UPDATES
Windows Players:
RealOne Player, RealOne Player v2 (localized languages) and RealPlayer 10 Beta customers please click here to remove the component or use the following steps to update your Player:
- In the Tools menu, select Check for Update.
- Select the box next to the “Security Update - Remove Rich Text 3D” component. If this component does not appear in the list, you do not have the vulnerable plug-in.
- If the component does show up, click Install to download and install the update.
RealPlayer 8 (version 6.0.9.584) customers please click here to remove the component or use the following steps to update your Player:
- In the Help menu, select Check for Update.
- Select the box next to the “Security Update - Remove Rich Text 3D” component. This option is present for all RealPlayer 8 customers. Though only a small percentage of customers will have Rich Text 3D installed, installing this Security Update as a precaution will not adversely affect your current Player in any way.
- If the component does show up, click Install to download and install the update.
RealPlayer Enterprise Solution:
Please contact your Platinum representative or Real Customer Support for an update.
Acknowledgements:
RealNetworks would also like to acknowledge Mark Litchfield, as well as other contributors, for bringing this exploit to our attention, and all those who subsequently worked with us to correct the vulnerabilities.
Warranty:
While RealNetworks endeavors to provide you with the highest quality products and services, we cannot guarantee and do not warrant that the operation of any RealNetworks product will be error-free, uninterrupted or secure. See your original license agreement for details of our limited warranty or warranty disclaimer.