• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
AplusWebMaster

RealPlayer vulns / updates

17 posts in this topic

FYI...

 

RealPlayer multiple vulns - update available

- http://secunia.com/advisories/38218/2/

Release Date: 2010-01-20

Critical: Highly critical

Impact: DoS, System access

Where: From remote

Solution Status: Vendor Patch

Software: Helix Player 1.x, Helix Player 11.x, RealPlayer 10.x, RealPlayer 11.x, RealPlayer Enterprise 1.x, RealPlayer SP 1.x

Solution: Update to the latest version. Please see the vendor's advisory for details:

http://service.real.com/realplayer/security/01192010_player/en/

- http://atlas.arbor.net/briefs/index#-654730286

February 15, 2010 - "High Severity... Analysis: This is a high severity risk that we encourage all sites to remedy as soon as possible..."

 

- http://secunia.com/advisories/38218/3/

CVE reference: CVE-2009-0375, CVE-2009-0376, CVE-2009-4241, CVE-2009-4242, CVE-2009-4243, CVE-2009-4244, CVE-2009-4245, CVE-2009-4246, CVE-2009-4247, CVE-2009-4248, CVE-2009-4257

 

- http://www.us-cert.gov/current/archive/2010/01/29/archive.html#realnetworks_inc_releases_updates_to

January 22, 2010

 

:ph34r:

Edited by apluswebmaster

Share this post


Link to post
Share on other sites

FYI...

 

RealPlayer SP version 1.1.5 released

- http://secunia.com/advisories/41154/

Release Date: 2010-08-27

Criticality level: Highly critical

Impact: System access

Where: From remote

Software: RealPlayer 11.x

CVE Reference(s): CVE-2010-0116, CVE-2010-0117, CVE-2010-0120, CVE-2010-2996, CVE-2010-3000, CVE-2010-3001, CVE-2010-3002

... The vulnerabilities are reported in version 11.1 and prior.

- http://secunia.com/advisories/41096/

... The vulnerabilities are reported in version 1.1.4 and prior.

Solution: Upgrade to RealPlayer SP version 1.1.5.

Original Advisory: RealNetworks:

http://service.real.com/realplayer/security/08262010_player/en/

 

- http://securitytracker.com/alerts/2010/Aug/1024370.html

Aug 27 2010

 

Real Alternative 2.02

- http://filehippo.com/download_real_alternative/

"... latest version contains: Media Player Classic - a freeware media player that supports both Real Alternative and QuickTime Alternative..."

 

Test: http://www.baseball-almanac.com/carlin.ram

 

:ph34r:

Edited by apluswebmaster

Share this post


Link to post
Share on other sites

FYI...

 

RealPlayer v2.1.3 released

- http://secunia.com/advisories/41743/

Release Date: 2010-10-18

Criticality level: Highly critical

Impact: System access

Solution Status: Vendor Patch ...

CVE Reference(s): CVE-2010-2578, CVE-2010-3747, CVE-2010-3748, CVE-2010-3750

Solution: Update to version 2.1.3.

Original Advisory: RealNetworks:

http://service.real.com/realplayer/security/10152010_player/en/

 

- http://securitytracker.com/alerts/2010/Oct/1024598.html

Oct 18 2010

 

:ph34r:

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

FYI...

 

RealPlayer v14.0.0 released

- http://www.securitytracker.com/id?1024861

Dec 10 2010

Version: prior to 14.0.0

Description: Multiple vulnerabilities were reported in RealPlayer. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. RealPlayer Enterprise is also affected...

CVE Reference: CVE-2010-0121, CVE-2010-0125, CVE-2010-2579, CVE-2010-2997, CVE-2010-2999, CVE-2010-4375, CVE-2010-4376, CVE-2010-4377, CVE-2010-4378, CVE-2010-4379, CVE-2010-4380, CVE-2010-4381, CVE-2010-4382, CVE-2010-4383, CVE-2010-4384, CVE-2010-4385, CVE-2010-4386, CVE-2010-4387, CVE-2010-4388, CVE-2010-4389, CVE-2010-4390, CVE-2010-4391, CVE-2010-4392, CVE-2010-4394, CVE-2010-4395, CVE-2010-4396, CVE-2010-4397

 

- http://service.real.com/realplayer/security/12102010_player/en/

December 10, 2010

 

- http://www.h-online.com/security/news/item/Overdue-patches-published-for-RealPlayer-1151696.html

12 December 2010, 22:39 - "... Those who still use a vulnerable RealPlayer should install the update immediately – or take the opportunity to uninstall the program if it is no longer in use. If left unpatched, it is a serious security risk."

 

:ph34r:

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

FYI...

 

RealPlayer v14.0.2 released

- http://secunia.com/advisories/43098/

Release Date: 2011-01-28

Criticality level: Highly critical

Solution Status: Vendor Patch

Software: RealPlayer 11.x, RealPlayer 14.x, RealPlayer SP 1.x

CVE Reference: CVE-2010-4393

...The vulnerability is reported in versions 14.0.1 and prior, SP 1.1.5 and prior, and 11.1 and prior.

Solution: Update to version 14.0.2.

Original Advisory: RealNetworks:

http://service.real.com/realplayer/security/01272011_player/en/

 

- http://www.securitytracker.com/id/1024998

Jan 28 2011

 

> http://www.real.com/

 

- http://secunia.com/advisories/43268/

Release Date: 2011-02-09

Criticality level: Highly critical

Solution: Update to version 14.0.2 and 2.1.5 (build 6.0.12.1830).

Original Advisory: RealPlayer:

http://service.real.com/realplayer/security/02082011_player/en/

http://docs.real.com/docs/security/SecurityUpdate020811RPE.pdf

 

:ph34r:

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

FYI...

 

RealPlayer v14.0.3 released

- http://service.real.com/realplayer/security/04122011_player/en/

April 12, 2011

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1426

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1525

Last revised: 04/21/2011

CVSS v2 Base Score: 9.3 (HIGH)

Affected Software: Windows RealPlayer 14.0.2 and prior...

 

- http://secunia.com/advisories/43847/

Last Update: 2011-04-13

Criticality level: Highly critical

Impact: System access

Where: From remote

Solution Status: Vendor Patch

Solution: Update to version 14.0.3...

 

- http://www.securitytracker.com/id/1025351

Apr 13 2011

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): prior to 14.0.3

Description: A vulnerability was reported in RealPlayer. A remote user can cause arbitrary code to be executed on the target user's system...

 

> http://www.real.com/

 

:ph34r:

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

FYI...

 

RealPlayer v14.0.6 released

- http://service.real.com/realplayer/security/08162011_player/en/

August 16, 2011

 

RealPlayer

- http://www.securitytracker.com/id/1025943

Aug 17 2011

CVE Reference: CVE-2011-2945, CVE-2011-2946, CVE-2011-2947, CVE-2011-2948, CVE-2011-2949, CVE-2011-2950, CVE-2011-2951, CVE-2011-2952, CVE-2011-2953, CVE-2011-2954, CVE-2011-2955

Impact: Execution of arbitrary code via network, User access via network

Version(s): prior to 14.0.6

 

RealPlayer Enterprise

- http://www.securitytracker.com/id/1025944

Aug 17 2011

CVE Reference: CVE-2011-2947, CVE-2011-2948, CVE-2011-2949, CVE-2011-2952, CVE-2011-2955

Impact: Execution of arbitrary code via network, User access via network

Version(s): 2.0 – 2.1.5

Solution: The vendor has issued a fix (2.1.6).

 

:!: :ph34r:

Share this post


Link to post
Share on other sites

FYI...

 

RealPlayer v15.0.0 released

- https://secunia.com/advisories/46954/

Release Date: 2011-11-21

Criticality level: Highly critical

Impact: System access

Where: From remote

CVE Reference(s): CVE-2011-4244, CVE-2011-4245, CVE-2011-4246, CVE-2011-4247, CVE-2011-4248, CVE-2011-4249, CVE-2011-4250, CVE-2011-4251, CVE-2011-4252, CVE-2011-4253, CVE-2011-4254, CVE-2011-4255, CVE-2011-4256, CVE-2011-4257, CVE-2011-4258, CVE-2011-4259, CVE-2011-4260, CVE-2011-4261, CVE-2011-4262

... vulnerabilities are reported in the versions 14.0.7 and prior.

Solution: Upgrade to version 15.0.0.

Original Advisory:

http://service.real.com/realplayer/security/11182011_player/en/

 

Mac RealPlayer v12.0.0.1703 released

- https://secunia.com/advisories/46963/

Release Date: 2011-11-21

Criticality level: Highly critical

Impact: System access

Where: From remote

... vulnerabilities are reported in versions 12.0.0.1701 and prior.

Solution: Update to version 12.0.0.1703.

Original Advisory:

http://service.real.com/realplayer/security/11182011_player/en/

 

:ph34r: :ph34r:

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

FYI...

 

RealPlayer v15.0.2.71 released

- https://secunia.com/advisories/47896/

Criticality level: Highly critical

Impact: System access

Where: From remote

CVE Reference(s): CVE-2012-0922, CVE-2012-0923, CVE-2012-0924, CVE-2012-0925, CVE-2012-0926, CVE-2012-0927

... vulnerabilities are reported in version 15.0.1.13 and prior.

Solution: Update to version 15.0.2.71.

Original Advisory: RealPlayer:

http://service.real.com/realplayer/security/02062012_player/en/

 

- http://www.securitytracker.com/id/1026643

Date: Feb 7 2012

CVE Reference:

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0922 - 9.3 (HIGH)

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0923 - 9.3 (HIGH)

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0924 - 9.3 (HIGH)

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0925 - 9.3 (HIGH)

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0926 - 9.3 (HIGH)

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0927 - 9.3 (HIGH)

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0928 - 9.3 (HIGH)

Impact: Execution of arbitrary code via network, User access via network

Version(s): 15.0.1.13 and prior versions; 12.0.0.1701 for Mac

Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution: The vendor has issued a fix (15.02.71; 12.0.0.1703 for Mac).

The vendor's advisory is available at:

- http://service.real.com/realplayer/security/02062012_player/en/

 

:!: :ph34r:

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

FYI...

 

RealPlayer Enterprise v2.1.8 released

- https://secunia.com/advisories/48868/

Release Date: 2012-04-16

Criticality level: Highly critical

Impact: System access

Where: From remote

CVE Reference(s): CVE-2011-4245, CVE-2011-4246, CVE-2011-4247, CVE-2011-4249, CVE-2011-4250, CVE-2011-4252, CVE-2011-4256, CVE-2011-4258, CVE-2011-4261

... more information: https://secunia.com/advisories/46954/

Original Advisory: RealPlayer:

http://service.real.com/realplayer/security/11182011_player/en/

http://service.real.com/realplayer/security/02062012_player/en/

... vulnerabilities are reported in versions prior to 2.1.8.

Solution: Update to version 2.1.8...

Original Advisory:

http://helixproducts.real.com/docs/security/SecurityUpdate04062012RPE.pdf

 

:!: :ph34r:

Share this post


Link to post
Share on other sites

FYI...

 

RealPlayer v15.0.4.53 released

- https://secunia.com/advisories/49193/

Release Date: 2012-05-16

Criticality level: Highly critical

Impact: System access

Where: From remote

CVE Reference(s): CVE-2012-1904, CVE-2012-2406, CVE-2012-2411

... vulnerabilities are reported in versions 15.0.3.37 and prior.

Solution: Update to version 15.0.4.53.

Original Advisory:

http://service.real.com/realplayer/security/05152012_player/en/

 

- https://real.custhelp.com/app/answers/detail/a_id/8878/related/1

 

- http://www.real.com/realplayer

 

- http://h-online.com/-1578444

17 May 2012

 

:!: :ph34r:

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

FYI...

 

Realplayer v15.0.6.14 released

- https://secunia.com/advisories/50566/

Release Date: 2012-09-10

Criticality level: Highly critical

Impact: System access

Where: From remote

CVE Reference(s): CVE-2012-2407, CVE-2012-2408, CVE-2012-2409, CVE-2012-2410, CVE-2012-3234

... vulnerabilities are reported in versions 15.0.2.72 and prior.

Solution: Update to version 15.0.3.37 or later.

Original Advisory: http://service.real.com/realplayer/security/09072012_player/en/

Updated September 7, 2012 - current version RealPlayer 15.0.6.14

 

Mac RealPlayer v12.0.1.1750 released

- https://secunia.com/advisories/50580/

Release Date: 2012-09-10

Criticality level: Highly critical

Impact: System access

Where: From remote

CVE Reference(s): CVE-2012-2407, CVE-2012-2408, CVE-2012-2409, CVE-2012-2410, CVE-2012-3234

... vulnerabilities are reported in versions 12.0.0.1701 and prior.

Solution: Update to version 12.0.1.1750.

Original Advisory: http://service.real.com/realplayer/security/09072012_player/en/

Updated September 7, 2012 - current version Mac RealPlayer 12.0.1.1750

 

:!: :ph34r:

Share this post


Link to post
Share on other sites

FYI...

 

RealPlayer v16.0.0.282 released

- https://secunia.com/advisories/51589/

Release Date: 2012-12-17

Criticality level: Highly critical

Impact: System access

Where: From remote

CVE Reference(s): CVE-2012-5690, CVE-2012-5691

... vulnerabilities are reported in version 15.0.6.14 and prior.

Solution: Upgrade to version 16.0.0.282.

Original Advisory: http://service.real....2012_player/en/

 

- http://www.securitytracker.com/id/1027893

CVE Reference: CVE-2012-5690, CVE-2012-5691

Dec 17 2012

Impact: Execution of arbitrary code via network, User access via network

Version(s): 14.0.0 – 15.0.6.14

Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution: The vendor has issued a fix (16.0.0.282).

 

:ph34r: :ph34r:

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

FYI...

RealPlayer v16.0.1.18 released
- https://secunia.com/advisories/52692/
Release Date: 2013-03-18
Criticality level: Highly critical
Impact: System access
Where: From remote ...
CVE Reference: CVE-2013-1750
... vulnerability is reported in versions prior to 16.0.1.18.
Solution: Update to version 16.0.1.18.
Original Advisory: http://service.real.com/realplayer/security/03152013_player/en/

:ph34r:

Share this post


Link to post
Share on other sites

FYI...

RealPlayer v16.0.3.51 released
- https://secunia.com/advisories/54621/
Release Date: 2013-08-26
Criticality: Highly Critical
Where: From remote
Impact: System access
CVE Reference(s): CVE-2013-4973, CVE-2013-4974
...vulnerabilities are reported in versions 16.0.2.32 and prior.
Solution: Update to version 16.0.3.51.
Original Advisory: http://service.real.com/realplayer/security/08232013_player/en/

:ph34r: :ph34r:

Share this post


Link to post
Share on other sites

FYI...

RealPlayer 17.0.4.61 released
- https://secunia.com/advisories/56219/
Release Date: 2013-12-23
Criticality: Highly Critical
Where: From remote
Impact: System access
CVE Reference: CVE-2013-6877
... vulnerability is reported in versions 17.0.2.206 and prior.
Solution: Update to version 17.0.4.61.
Original Advisory: RealPlayer:
- http://service.real.com/realplayer/security/12202013_player/en/

:ph34r: :ph34r:

Share this post


Link to post
Share on other sites

FYI...

RealPlayer 17.0.10.8 released
- http://service.real.com/realplayer/security/06272014_player/en/
June 27, 2014 - "... product upgrades that contain security bug fixes... summary of which previous and current versions of the RealPlayer software are susceptible to these vulnerabilities... Affected software: Windows RealPlayer 17.0.8.22 and prior..."

- http://www.securitytracker.com/id/1030524
CVE Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3113 - 9.3 (HIGH)
Jul 4 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 17.0.8.22 and prior...
Solution: The vendor has issued a fix (17.0.10.8)...

:ph34r:

Edited by AplusWebMaster

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now