Multiple vulnerabilities have been reported in RealOne Player, RealPlayer, and
Helix Player, which can be exploited by malicious people to compromise a user's
system and delete files.
1) An unspecified error when running local RM files can potentially be exploited
to execute arbitrary code.
The vulnerability has been reported in:
* RealPlayer 8 / 10 / 10.5 Beta (6.0.12.1016) / 10.5 (6.0.12.1040) / Enterprise
on Windows
* RealOne Player v1, v2 on Windows
* Mac RealPlayer 10 Beta and Mac RealOne Player
* Linux RealPlayer 10 and Helix Player on Linux
2) A problem with malformed calls can be exploited to execute arbitrary code
by embedding the player on a malicious website and making specially crafted
calls.
The vulnerability has been reported in RealPlayer 10 / 10.5 Beta (6.0.12.1016)
/ 10.5 (6.0.12.1040) and RealOne Player v1, v2 on Windows.
3) An unspecified error allows malicious websites and media files to delete
arbitrary local files.
The vulnerability has been reported in RealPlayer 10 / 10.5 Beta (6.0.12.1016)
/ 10.5 (6.0.12.1040) and RealOne Player v1, v2 on Windows.
SOFTWARE:
RealPlayer 8
RealPlayer 10
RealOne Player v2
RealOne Player v1
Helix Player 1.x
RealPlayer Enterprise
SOLUTION:
Apply updates (see the original vendor advisory).
PROVIDED AND/OR DISCOVERED BY:
John Heasman and Marc Maiffret.
ORIGINAL ADVISORY:
http://www.service.real.com/help/faq/security/040928_player/EN/