Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT Security Bulletin ASB-2013.0040 RealNetworks, Inc. Releases Update to Address Security Vulnerabilities. 19 March 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: RealNetworks RealPlayer Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2013-1750 Member content until: Thursday, April 18 2013 OVERVIEW A vulnerability has been identified in Windows RealPlayer prior to version 16.0.1.18. [1] IMPACT The vendor has provided the following description regarding this issue: "CVE-2013-1750 RealPlayer - Heap overflow when playing a malformed MP4 Affected software: Windows RealPlayer 16.0.0.0 and prior. Credit to Dehui Yin of Fortinet's FortiGuard Global Security Research Team for reporting this issue." [1] MITIGATION The vendor recommends updating to the latest version of Windows RealPlayer to correct this issue. [1] REFERENCES [1] RealNetworks, Inc. Releases Update to Address Security Vulnerabilities. http://service.real.com/realplayer/security/03152013_player/en/ AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUUfKRO4yVqjM2NGpAQKqcw/8DKADz7iRKkY6+Mtl9tLft3zez/J2Z9PV 6DjXSJRXh7FNiWQffDmM+u2E1RlQJPRELFFyhr3LIyRPf8F+hQyZ3hWjfyejPAeZ S7NVuD8SXIb0qkjefOCFNLWVLJPqPKAFRXESUiQg/1hqZ8ylJBIwbth2IgXS8Ruw sgsg5CU8KnXjLOm/rwNabyrIUOmrcwigmhWe8js1WL0LY1XRQ3rdTh7LWWmEdtGK 87XpEK9piiC22EYwt0VVy5yuvOhJ6amJmtlW/9MXnoVeJN6OCvgF6xJaqo41tbGC 4gPSwMa/pZtPIr3dr3cZgc1TCZ5zGuc/FiE9g1P6EzW0bv7WaA7mT6BpTYZZTSqZ cuxMIco0U2CeZQJIWxdhL9fBNN1dLTJcpjUYON9F4tTfpEmKlplYQZtmGDUMtvJE LObjfynx3+1Xs4nHYARGaVpGJPU3FpiVrsyxQRfpw/QQ9614mqWB1LOmV5fwtt5H lYZpoXo/b6XlKDzK69GH+g6FCRhXWGN3MX9l1Ke7UhFhFWKJfjGYdJ4knRp6z0K/ 7ZZfROeNQO7pzAoYJaRb5QRjv8oViKJsb8kboGBAHDk08UqzSubA/AG8OL7vol0O 3iHCLjWYKLfU5WVyys5meBg8R1eln77tZni7g874p/B3xLLflvF0AUAI1CBWXNVW 4T/Egu7eICg= =hmuw -----END PGP SIGNATURE-----