Bug 53860 - media-video/realplayer, media-video/realone : more remote buffer overflows
Summary: media-video/realplayer, media-video/realone : more remote buffer overflows
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High enhancement
Assignee: Gentoo Security
URL: http://www.service.real.com/help/faq/...
Whiteboard: B2 [upstream masked]
Reported: 2004-06-13 23:23 UTC by Lance Albertson (RETIRED)
Modified: 2011-10-30 22:40 UTC
Description Lance Albertson (RETIRED) gentoo-dev 2004-06-13 23:23:02 UTC
Excerpt from my SANS email:

04.23.27 CVE: Not Available
Platform: Cross Platform
Title: RealNetworks RealPlayer Remote Buffer Overflows
Description: RealPlayer is a media player for multiple operating
systems, including Windows, Linux and Mac OS. It has been reported
that multiple buffer overflows exist across multiple RealPlayer
software packages. RealNetworks has released multiple product updates
to remedy this issue.
Ref: http://www.service.real.com/help/faq/security/040610_player/EN/

The specific exploits were:

To fashion RAM files which corrupt the Player and which might allow an attacker to execute arbitrary code on a user's machine. Multiple issues were reported in this area.

I didn't see a specific link for Linux upgrades. They may not even have one.. who knows, but I figured it was worthy of a bug to at least be looked into.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2004-06-15 04:06:03 UTC
RealPlayer is currently masked for security reasons (bug #40469).
We are investigating whether the latest build we have is vulnerable to this (new) bug.
Comment 2 Vikram Dendi 2004-06-16 12:29:16 UTC
This bug does not affect RP8 for Linux or the new RP10 for Linux (which is in beta). Linux was not mentioned in the security fix release because it was not affected.
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2004-06-17 05:11:17 UTC
Thanks very much Vikram. Closing this one as INVALID.