RealNetworks Support: Security Patch Update For Realplayer Enterprise

	Customer Support Home
RealPlayer Support
RealArcade Support
Helix Support
International Support
Firewall Support

Security Patch Update For Realplayer Enterprise

Updated March 1, 2005

RealNetworks, Inc. has addressed recently discovered security vulnerabilities that offered the potential for an attacker to run arbitrary or malicious code on a customer's machine. RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities. RealNetworks takes all security vulnerabilities very seriously.

The specific exploits were:

Exploit 1: To fashion a malicious WAV file to cause a buffer overflow which could have allowed an attacker to execute arbitrary code on a customer's machine.
Exploit 2: To fashion a malicious SMIL file to cause a buffer overflow which could have allowed an attacker to execute arbitrary code on a customer's machine.

Impacted Products and Versions:
This affects versions 1.1, 1.2, 1.5, 1.6 and 1.7 of RealPlayer Enterprise (standalone and as configured by the RealPlayer Enterprise Manager). This patch should not be applied to consumer versions of the RealPlayer, such as RealPlayer 10.

SOLUTION:
To ensure that your RealPlayer Enterprise and RealPlayer Enterprise Manager is protected, we recommend you follow the steps below to install the security update:

1) Installing the update for a deployed RealPlayer Enterprise

a) To update an already installed RealPlayer Enterprise, complete the following steps:

i) Close the RealPlayer Enterprise.

ii) Download the updated audp3260.dll and smlr3260.dll. Place these files in "c:\program files\common files\real\plugins"

iii) Restart RealPlayer Enterprise.

2) Installing the update for RealPlayer Enterprise Manager

a) To update RealPlayer Enterprise Manager (RPEM) so that it can generate RealPlayer Enterprise installers that contain this update, complete the following steps:

i) Locate the "IntranetPlayer\generator\win\bin" directory in your RPEM installation. On Linux/Unix this would be the location of your RPEM install, plus: "IntranetPlayer/generator/win/bin". On Windows this is probably in "c:\program files\Real\RealPlayer Enterprise Manager\IntranetPlayer\generator\win\bin".

ii) Copy the DLLs below to the corresponding subdirectory of the "IntranetPlayer\generator\win\bin" directory:
audp3260.dll -> AUDP
smlr3260.dll -> PLINS

iii) Restart the RPEM.

iv) Generate a new RealPlayer Enterprise installer as normal.

WARRANTY:

While RealNetworks endeavors to provide you with the highest quality products and services, we cannot guarantee and do not warrant that the operation of any RealNetworks product will be error-free, uninterrupted or secure. See your original license agreement for details of our limited warranty or warranty disclaimer.