High-severity flaw plagues RealOne Player, RealPlayer
To correct a high-severity flaw that impacts millions of users, RealNetworks Inc. recommends upgrading numerous versions of its RealOne Player and RealPlayer to correct security vulnerabilities that could allow an attacker to run arbitrary code on a user's machine.
According to one of the flaw's discoverers, U.K.-based NGSSoftware's John Heasman, RealOne and RealPlayer are the most widely used products for Internet media delivery and are used by more than 200 million users worldwide. The specific number of users affected by the flaw was not released.
"This vulnerability is of high severity given the size of RealNetwork's user base, and given that an attacker could potentially execute code," said Heasman, a security analyst. "Furthermore, the bug is in a core component of RealPlayer, thus it affects the all current versions, from the free player that a home user might download, to the Enterprise edition that an organisation might deploy company-wide."
Affected versions include: RealOne Player (English), RealOne Player version 2 (all languages), RealPlayer 8 (all languages), RealPlayer 10 (English, German and Japanese), RealPlayer Enterprise (all versions, standalone and as configured by the RealPlayer Enterprise Manager).
For more information
Read here...