Real Customer Supportbypass navigation Customer Support

RealNetworks Releases Security Update to Address RealOne Player Security Vulnerabilities.

Updated October 14, 2003

The specific exploits were:

  • Exploit 1: To embed scripts and/or false URLs in temporary files written by the Player before being executed by the default Web browser.
  • Exploit 2: To operate remote Javascript or VBScript from the domain of the URL opened by a SMIL or other file.

While we have not received reports of anyone actually being attacked with this exploit, all security vulnerabilities are taken very seriously by RealNetworks. RealNetworks has found and fixed the problem.

Affected Software:

"Exploit 1" affects RealOne Player, RealOne Player v2 (all language versions, all platforms), RealOne Player for Mac OSX, and RealOne Enterprise Desktop (all versions, standalone and as configured by the RealOne Desktop Manager).

"Exploit 2" affects RealOne Player and RealOne Player v2 for Windows only (all languages).

Workaround:

To ensure that your Player is protected, we recommend installing the updates available.

UPDATES

Windows Players:

RealOne Player and RealOne Player v2 (all languages) customers please use the following steps to update your Player:

  1. In the Tools menu select Check for Update.
  2. Select the box next to the "RealOne Player" component.
  3. Click the Install button to download and install the update.

Mac OSX Players:

RealOne Player for Mac OSX customers please use the following steps to update your Player:

  1. In the RealOne Player menu select Check for Update.
  2. Select the box next to the "RealOne Player" component.
  3. Click the Install button to download and install the update.

RealOne Enterprise Products:

Please click here to update your RealOne Desktop Manager.
Please click here to update your RealOne Enterprise Desktop

German
Spanish
French
Italian
Portuguese
Japanese
Korean
Simplified Chinese
Traditional Chinese

Acknowledgements:

RealNetworks would also like to acknowledge Krazy Snake for bringing this exploit to our attention as well as all those who subsequently worked with us to correct this security vulnerability.

Warranty:

While RealNetworks endeavors to provide you with the highest quality products and services, we cannot guarantee and do not warrant that the operation of any RealNetworks product will be error-free, uninterrupted or secure. See your original license agreement for details of our limited warranty or warranty disclaimer.