LANDesk Patch News Bulletin: RealPlayer Update for Windows 29-OCT-2007

Version 1

    LANDesk Security and Patch News

    Headlines

    (October 29, 2007) RealNetworks has released a product upgrade that contains security bug fixes. Please visit the following page for more details:

     

    http://service.real.com/realplayer/security/10252007_player/en/

     

    New Vulnerabilities

    Vulnerability ID – REALPLAYER_20071025_UPDATE_ENU

     

    Reason : RealNetworks Realplayer security update

     

    Changed Vulnerabilities

    N/A

     

    New Patch Downloads

    Detect only

     

    Details for Potential Vulnerabilities:

     

     

    Vulnerability 1:

    The identified vulnerability is a malicious mp3 file which could cause a heap overflow in the RealPlayer. CVE-2007-5080

     

    Vulnerability 2:

    The identified vulnerability is a malicious rm file which could cause a heap overflow in the RealPlayer. CVE-2007-5081

     

    Vulnerability 3:

    The identified vulnerability is a malicious SMIL file which could cause a buffer overflow in the RealPlayer. CVE-2007-3410

     

    Vulnerability 4:

    The identified vulnerability is a malicious swf file (flash media) which could cause a heap overflow on a customer's machine. CVE-2007-2263

     

    Vulnerability 5:

    The identified vulnerability is a malicious ram file which could cause a heap overflow in the RealPlayer. CVE-2007-2264

     

    Vulnerability 6:

    The identified vulnerability is a malicious pls file which could cause a stack overflow in the RealPlayer. CVE-2007-4599

     

     

    Where to Send Feedback

     

     

    At LANDesk, we are constantly striving to improve our products and services and hope you find these changes reflective of our ongoing commitment to listen to you—our partners and customers—in providing the best possible solutions to meet your needs now and in the future.  Please continue to provide feedback by contacting our local support organization.

     

    Best regards,

     

    LANDesk Product Support

     

     

    Copyright © 2006 LANDesk Software.  All rights reserved. LANDesk is either a registered trademark or trademark of LANDesk Software, Ltd. or its affiliated entities in the United States and/or other countries. Other names or brands may be claimed as the property of others.

     

     

    Information in this document is provided for information purposes only.  The information presented here is subject to change without notice.  This information is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including any implied warranties and conditions of merchantability or fitness for a particular purpose. LANDesk disclaims any liability with respect to this document and LANDesk has no responsibility or liability for any third party products of any content contained on any site referenced herein.  This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission. For the most current product information, please visit http://www.landesksoftware.com.