News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
October 24, 2014, 15:48:31
Pages: [1] 2   Go Down
  Print  
Topic: RealPlayer vulns - update available  (Read 4413 times)
0 Members and 1 Guest are viewing this topic.
« on: January 22, 2010, 09:33:16 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8351



FYI...

RealPlayer multiple vulns - update available
- http://secunia.com/advisories/38218/2/
Release Date: 2010-01-20
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Helix Player 1.x, Helix Player 11.x, RealPlayer 10.x, RealPlayer 11.x, RealPlayer Enterprise 1.x, RealPlayer SP 1.x
Solution: Update to the latest version. Please see the vendor's advisory for details:
http://service.real.com/realplayer/security/01192010_player/en/
- http://atlas.arbor.net/briefs/index#-654730286
February 15, 2010 - "High Severity... Analysis: This is a high severity risk that we encourage all sites to remedy as soon as possible..."

- http://secunia.com/advisories/38218/3/
CVE reference: CVE-2009-0375, CVE-2009-0376, CVE-2009-4241, CVE-2009-4242, CVE-2009-4243, CVE-2009-4244, CVE-2009-4245, CVE-2009-4246, CVE-2009-4247, CVE-2009-4248, CVE-2009-4257

- http://www.us-cert.gov/current/archive/2010/01/29/archive.html#realnetworks_inc_releases_updates_to
January 22, 2010

 Exclamation
« Last Edit: February 20, 2010, 01:30:07 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #1 on: August 27, 2010, 01:22:16 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8351



FYI...

RealPlayer SP version 1.1.5 released
- http://secunia.com/advisories/41154/
Release Date: 2010-08-27
Criticality level: Highly critical
Impact:   System access
Where: From remote
Software: RealPlayer 11.x
CVE Reference(s): CVE-2010-0116, CVE-2010-0117, CVE-2010-0120, CVE-2010-2996, CVE-2010-3000, CVE-2010-3001, CVE-2010-3002
... The vulnerabilities are reported in version 11.1 and prior.
- http://secunia.com/advisories/41096/
... The vulnerabilities are reported in version 1.1.4 and prior.
Solution: Upgrade to RealPlayer SP version 1.1.5.
Original Advisory: RealNetworks:
http://service.real.com/realplayer/security/08262010_player/en/

- http://securitytracker.com/alerts/2010/Aug/1024370.html
Aug 27 2010

Real Alternative 2.02
- http://filehippo.com/download_real_alternative/
"... latest version contains: Media Player Classic - a freeware media player that supports both Real Alternative and QuickTime Alternative..."

Test: http://www.baseball-almanac.com/carlin.ram

 Exclamation
« Last Edit: August 30, 2010, 14:13:37 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #2 on: October 18, 2010, 04:03:10 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8351



FYI...

RealPlayer v2.1.3 released
- http://secunia.com/advisories/41743/
Release Date: 2010-10-18
Criticality level: Highly critical
Impact: System access
Solution Status: Vendor Patch ...
CVE Reference(s): CVE-2010-2578, CVE-2010-3747, CVE-2010-3748, CVE-2010-3750
Solution: Update to version 2.1.3.
Original Advisory: RealNetworks:
http://service.real.com/realplayer/security/10152010_player/en/

- http://securitytracker.com/alerts/2010/Oct/1024598.html
Oct 18 2010

 Exclamation
« Last Edit: October 19, 2010, 06:09:41 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #3 on: December 13, 2010, 06:26:33 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8351



FYI...

RealPlayer v14.0.0 released
- http://www.securitytracker.com/id?1024861
Dec 10 2010
Version: prior to 14.0.0
Description: Multiple vulnerabilities were reported in RealPlayer. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user. RealPlayer Enterprise is also affected...
CVE Reference: CVE-2010-0121, CVE-2010-0125, CVE-2010-2579, CVE-2010-2997, CVE-2010-2999, CVE-2010-4375, CVE-2010-4376, CVE-2010-4377, CVE-2010-4378, CVE-2010-4379, CVE-2010-4380, CVE-2010-4381, CVE-2010-4382, CVE-2010-4383, CVE-2010-4384, CVE-2010-4385, CVE-2010-4386, CVE-2010-4387, CVE-2010-4388, CVE-2010-4389, CVE-2010-4390, CVE-2010-4391, CVE-2010-4392, CVE-2010-4394, CVE-2010-4395, CVE-2010-4396, CVE-2010-4397

- http://service.real.com/realplayer/security/12102010_player/en/
December 10, 2010

- http://www.h-online.com/security/news/item/Overdue-patches-published-for-RealPlayer-1151696.html
12 December 2010, 22:39 - "... Those who still use a vulnerable RealPlayer should install the update immediately or take the opportunity to uninstall the program if it is no longer in use. If left unpatched, it is a serious security risk."

 Exclamation
« Last Edit: December 15, 2010, 07:04:16 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #4 on: January 28, 2011, 02:01:30 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8351



FYI...

RealPlayer v14.0.2 released
- http://secunia.com/advisories/43098/
Release Date: 2011-01-28
Criticality level: Highly critical
Solution Status: Vendor Patch
Software: RealPlayer 11.x, RealPlayer 14.x, RealPlayer SP 1.x
CVE Reference: CVE-2010-4393
...The vulnerability is reported in versions 14.0.1 and prior, SP 1.1.5 and prior, and 11.1 and prior.
Solution: Update to version 14.0.2.
Original Advisory: RealNetworks:
http://service.real.com/realplayer/security/01272011_player/en/

- http://www.securitytracker.com/id/1024998
Jan 28 2011

> http://www.real.com/

- http://secunia.com/advisories/43268/
Release Date: 2011-02-09
Criticality level: Highly critical
Solution: Update to version 14.0.2 and 2.1.5 (build 6.0.12.1830).
Original Advisory: RealPlayer:
http://service.real.com/realplayer/security/02082011_player/en/
http://docs.real.com/docs/security/SecurityUpdate020811RPE.pdf

 Exclamation
« Last Edit: February 09, 2011, 06:55:09 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #5 on: April 14, 2011, 01:18:24 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8351



FYI...

RealPlayer v14.0.3 released
- http://service.real.com/realplayer/security/04122011_player/en/
April 12, 2011
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1426
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1525
Last revised: 04/21/2011
CVSS v2 Base Score: 9.3 (HIGH)
Affected Software: Windows RealPlayer 14.0.2 and prior...

- http://secunia.com/advisories/43847/
Last Update: 2011-04-13
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Solution: Update to version 14.0.3...

- http://www.securitytracker.com/id/1025351
Apr 13 2011
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes  Vendor Confirmed: Yes  
Version(s): prior to 14.0.3
Description: A vulnerability was reported in RealPlayer. A remote user can cause arbitrary code to be executed on the target user's system...

> http://www.real.com/

 Exclamation
« Last Edit: July 23, 2011, 04:17:08 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #6 on: August 17, 2011, 02:38:58 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8351



FYI...

RealPlayer v14.0.6 released
- http://service.real.com/realplayer/security/08162011_player/en/
August 16, 2011

RealPlayer
- http://www.securitytracker.com/id/1025943
Aug 17 2011
CVE Reference: CVE-2011-2945, CVE-2011-2946, CVE-2011-2947, CVE-2011-2948, CVE-2011-2949, CVE-2011-2950, CVE-2011-2951, CVE-2011-2952, CVE-2011-2953, CVE-2011-2954, CVE-2011-2955
Impact: Execution of arbitrary code via network, User access via network
Version(s): prior to 14.0.6

RealPlayer Enterprise
- http://www.securitytracker.com/id/1025944
Aug 17 2011
CVE Reference: CVE-2011-2947, CVE-2011-2948, CVE-2011-2949, CVE-2011-2952, CVE-2011-2955
Impact: Execution of arbitrary code via network, User access via network
Version(s): 2.0 2.1.5
Solution: The vendor has issued a fix (2.1.6).

 Exclamation
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #7 on: November 21, 2011, 05:20:13 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8351



FYI...

RealPlayer v15.0.0 released
- https://secunia.com/advisories/46954/
Release Date: 2011-11-21
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2011-4244, CVE-2011-4245, CVE-2011-4246, CVE-2011-4247, CVE-2011-4248, CVE-2011-4249, CVE-2011-4250, CVE-2011-4251, CVE-2011-4252, CVE-2011-4253, CVE-2011-4254, CVE-2011-4255, CVE-2011-4256, CVE-2011-4257, CVE-2011-4258, CVE-2011-4259, CVE-2011-4260, CVE-2011-4261, CVE-2011-4262
... vulnerabilities are reported in the versions 14.0.7 and prior.
Solution: Upgrade to version 15.0.0.
Original Advisory:
http://service.real.com/realplayer/security/11182011_player/en/

Mac RealPlayer v12.0.0.1703 released
- https://secunia.com/advisories/46963/
Release Date: 2011-11-21
Criticality level: Highly critical
Impact: System access
Where: From remote
... vulnerabilities are reported in versions 12.0.0.1701 and prior.
Solution: Update to version 12.0.0.1703.
Original Advisory:
http://service.real.com/realplayer/security/11182011_player/en/

 Exclamation
« Last Edit: November 21, 2011, 06:19:04 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #8 on: February 07, 2012, 05:21:51 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8351



FYI...

RealPlayer v15.0.2.71 released
- https://secunia.com/advisories/47896/
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2012-0922, CVE-2012-0923, CVE-2012-0924, CVE-2012-0925, CVE-2012-0926, CVE-2012-0927
... vulnerabilities are reported in version 15.0.1.13 and prior.
Solution: Update to version 15.0.2.71.
Original Advisory: RealPlayer:
http://service.real.com/realplayer/security/02062012_player/en/

- http://www.securitytracker.com/id/1026643
Date: Feb 7 2012
CVE Reference:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0922 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0923 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0924 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0925 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0926 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0927 - 9.3 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0928 - 9.3 (HIGH)
Impact: Execution of arbitrary code via network, User access via network
Version(s): 15.0.1.13 and prior versions; 12.0.0.1701 for Mac
Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (15.02.71; 12.0.0.1703 for Mac).
The vendor's advisory is available at:
- http://service.real.com/realplayer/security/02062012_player/en/

 Exclamation
« Last Edit: February 12, 2012, 05:36:51 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #9 on: April 16, 2012, 03:41:31 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8351



FYI...

RealPlayer Enterprise v2.1.8 released
- https://secunia.com/advisories/48868/
Release Date: 2012-04-16
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2011-4245, CVE-2011-4246, CVE-2011-4247, CVE-2011-4249, CVE-2011-4250, CVE-2011-4252, CVE-2011-4256, CVE-2011-4258, CVE-2011-4261
... more information: https://secunia.com/advisories/46954/
Original Advisory: RealPlayer:
http://service.real.com/realplayer/security/11182011_player/en/
http://service.real.com/realplayer/security/02062012_player/en/
... vulnerabilities are reported in versions prior to 2.1.8.
Solution: Update to version 2.1.8...
Original Advisory:
http://helixproducts.real.com/docs/security/SecurityUpdate04062012RPE.pdf

 Exclamation
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #10 on: May 16, 2012, 06:00:39 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8351



FYI...

RealPlayer v15.0.4.53 released
- https://secunia.com/advisories/49193/
Release Date: 2012-05-16
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2012-1904, CVE-2012-2406, CVE-2012-2411
... vulnerabilities are reported in versions 15.0.3.37 and prior.
Solution: Update to version 15.0.4.53.
Original Advisory:
http://service.real.com/realplayer/security/05152012_player/en/

- https://real.custhelp.com/app/answers/detail/a_id/8878/related/1

- http://www.real.com/realplayer

- http://h-online.com/-1578444
17 May 2012

 Exclamation
« Last Edit: May 17, 2012, 05:13:04 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #11 on: September 10, 2012, 04:42:36 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8351



FYI...

Realplayer v15.0.6.14 released
- https://secunia.com/advisories/50566/
Release Date: 2012-09-10
Criticality level: Highly critical
Impact: System access
Where: From remote  
CVE Reference(s): CVE-2012-2407, CVE-2012-2408, CVE-2012-2409, CVE-2012-2410, CVE-2012-3234
... vulnerabilities are reported in versions 15.0.2.72 and prior.
Solution: Update to version 15.0.3.37 or later.
Original Advisory: http://service.real.com/realplayer/security/09072012_player/en/
Updated September 7, 2012 - current version RealPlayer 15.0.6.14

Mac RealPlayer v12.0.1.1750 released
- https://secunia.com/advisories/50580/
Release Date: 2012-09-10
Criticality level: Highly critical
Impact: System access
Where: From remote  
CVE Reference(s): CVE-2012-2407, CVE-2012-2408, CVE-2012-2409, CVE-2012-2410, CVE-2012-3234
... vulnerabilities are reported in versions 12.0.0.1701 and prior.
Solution: Update to version 12.0.1.1750.
Original Advisory: http://service.real.com/realplayer/security/09072012_player/en/
Updated September 7, 2012 - current version Mac RealPlayer 12.0.1.1750

 Exclamation
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #12 on: December 17, 2012, 04:59:36 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8351



FYI...

RealPlayer v16.0.0.282 released
- https://secunia.com/advisories/51589/
Release Date: 2012-12-17
Criticality level: Highly critical
Impact: System access
Where: From remote
CVE Reference(s): CVE-2012-5690, CVE-2012-5691
...  vulnerabilities are reported in version 15.0.6.14 and prior.
Solution: Upgrade to version 16.0.0.282.
Original Advisory: http://service.real.com/realplayer/security/12142012_player/en/

- http://www.securitytracker.com/id/1027893
CVE Reference: CVE-2012-5690, CVE-2012-5691
Dec 17 2012
Impact: Execution of arbitrary code via network, User access via network
Version(s): 14.0.0 15.0.6.14
Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (16.0.0.282).

 Exclamation
« Last Edit: December 18, 2012, 04:27:31 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #13 on: March 18, 2013, 07:54:23 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8351



FYI...

RealPlayer v16.0.1.18 released
- https://secunia.com/advisories/52692/
Release Date: 2013-03-18
Criticality level: Highly critical
Impact: System access
Where: From remote ...
CVE Reference: CVE-2013-1750
... vulnerability is reported in versions prior to 16.0.1.18.
Solution: Update to version 16.0.1.18.
Original Advisory: http://service.real.com/realplayer/security/03152013_player/en/

 Exclamation
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #14 on: August 26, 2013, 02:46:14 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8351



FYI...

RealPlayer v16.0.3.51 released
- https://secunia.com/advisories/54621/
Release Date: 2013-08-26
Criticality: Highly Critical
Where: From remote
Impact: System access
CVE Reference(s): CVE-2013-4973, CVE-2013-4974
...vulnerabilities are reported in versions 16.0.2.32 and prior.
Solution: Update to version 16.0.3.51.
Original Advisory: http://service.real.com/realplayer/security/08232013_player/en/

 Exclamation
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
 
Pages: [1] 2   Go Up
  Print  
 
Jump to:  

Powered by SMF 1.1.20 | SMF © 2013, Simple Machines Page created in 0.274 seconds with 18 queries.