===========================================================================
AUSCERT Security Bulletin

ASB-2013.0105
RealNetworks, Inc. Releases Update to Address Security Vulnerabilities.
27 August 2013
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              RealNetworks RealPlayer
Operating System:     Windows
                      OS X
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2013-4974 CVE-2013-4973
Member content until: Thursday, September 26 2013

OVERVIEW

Vulnerabilities have been identified in Windows RealPlayer prior to
version 16.0.3.51 and Mac RealPlayer prior to 12.0.1.1738. [1]

IMPACT

The vendor has provided the following description regarding these
issues:

"CVE-2013-4973
RealPlayer - Stack buffer overflow in Player when handling filenames
in RMP
Affected software: Windows RealPlayer 16.0.2.32 and prior.
Credit to hamburgers maccoy for reporting this issue.

CVE-2013-4974
RealPlayer - RM Memory corruption vulnerability when parsing a
malformed RealMedia file
Affected software: Windows RealPlayer 16.0.2.32 and prior.
Credit to Jeremy Brown of Microsoft and MSVR for reporting this
issue." [1]

MITIGATION

The vendor recommends updating to the latest version of RealPlayer to
correct these issues. [1]

REFERENCES

[1] RealNetworks, Inc. Releases Update to Address Security
    Vulnerabilities.
    http://service.real.com/realplayer/security/08232013_player/en/

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the
information described is the responsibility of each user or
organisation.

The decision to follow or act on information or advice contained in
this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business
                hours which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================