Skip to content

Patch available for RealPlayer ActiveX vulnerability

Yesterday I wrote about an arbitrary-code vulnerability in RealPlayer being exploited.

RealNetworks has now issued a patch that apparently remedies the problem.

They have also provided new information regarding the scope of the vulnerability:

  • RealPlayer 10.5 and RealPlayer 11 beta users should install the patch.
  • RealOne Player, RealOne Player v2 and RealPlayer 10 users should first upgrade to RealPlayer 10.5 or RealPlayer 11 beta, and then install the patch.
  • RealPlayer 8 and earlier versions of RealNetworks software for Windows are not affected.
  • Macintosh and Linux versions of RealPlayer are not affected.

According to Symantec, visiting a malicious web page can put your computer at risk even if the player is not running at the time. If you have affected RealNetworks software installed on your workstation, you should probably upgrade urgently.


Post a comment Trackbacks closed RSS 2.0 feed for these comments This entry (permalink) was posted on Saturday, October 20, 2007, at 13:00:15 by Thor Kottelin. Filed in Internetworking, Security.

Post a Comment

Your email is never published nor shared. Required fields are marked *
*
*