[33688] in bugtraq
Re: Scope of latest RealPlayer vuln
daemon@ATHENA.MIT.EDU (Simon Brady)
Fri Feb 13 11:45:49 2004
Date: Fri, 13 Feb 2004 17:42:06 +1300 (NZDT)
From: Simon Brady <simon.brady@otago.ac.nz>
To: bugtraq@securityfocus.com
In-Reply-To: <Pine.LNX.4.44.0402111505360.915-100000@xiongmao.otago.ac.nz>
Message-ID: <Pine.LNX.4.44.0402131737550.3461-100000@xiongmao.otago.ac.nz>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Wed, 11 Feb 2004, I wrote:
> The Real Security Update notice at
>
> http://service.real.com/help/faq/security/040123_player/EN/
>
> gives a download URL for the English RealPlayer v2 (build 6.0.11.872) and
> instructs users of localised v2 players to use the Check for Updates menu
> option in the product.
> [...]
> Does anyone (NGSS?) have a list of precisely which versions are and aren't
> vulnerable? IMAO the Real notice is hopelessly vague on this.
The nice people at Real customer support have since provided the following
details:
"Please note that only the latest version of RealOne Player 6.0.11.872
and the RealPlayer 10 version 6.0.12.690 has the security patch
integrated in it."
--
Simon Brady mailto:simon.brady@otago.ac.nz
ITS Technical Services
University of Otago, Dunedin, New Zealand
