[33609] in bugtraq
Scope of latest RealPlayer vuln
daemon@ATHENA.MIT.EDU (Simon Brady)
Wed Feb 11 12:17:08 2004
Date: Wed, 11 Feb 2004 15:18:47 +1300 (NZDT)
From: Simon Brady <simon.brady@otago.ac.nz>
To: bugtraq@securityfocus.com
Message-ID: <Pine.LNX.4.44.0402111505360.915-100000@xiongmao.otago.ac.nz>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
The Real Security Update notice at
http://service.real.com/help/faq/security/040123_player/EN/
gives a download URL for the English RealPlayer v2 (build 6.0.11.872) and
instructs users of localised v2 players to use the Check for Updates menu
option in the product.
Just for fun, I tried Check for Updates from my previous v2 player
(English 6.0.11.868), but it only gave me the option of upgrading to
RealPlayer 10 Beta. Does this mean that .868 is also not vulnerable, or
are Real relying on users of English v2 players to read the above notice?
What good is Check for Updates to these people if it doesn't report the
existence of .872?
Does anyone (NGSS?) have a list of precisely which versions are and aren't
vulnerable? IMAO the Real notice is hopelessly vague on this.
--
Simon Brady mailto:simon.brady@otago.ac.nz
ITS Technical Services
University of Otago, Dunedin, New Zealand
