'Critical' Security Hole in Real's Helix Server
Workarounds are recommended for the root exploit vulnerability which carries a 'highly critical' rating.
Digital media frontrunner RealNetworks
has issued a
warning for a root exploit vulnerability in its Helix Universal Server 9
The security flaw could potentially allow attackers to gain system access and execute arbitrary code, according to an alert from RealNetworks.
Independent security consultants Secunia has tagged a 'highly critical' rating on the vulnerability, which affects RealServer G2, RealSystem Server 7, RealSystem Server 8 and the Helix Universal Server 9.x.
"Removal of this plug-in will not hinder on-demand or live streaming delivery or logging and authentication services of the product. With the plug-in removed however, the Content Browsing feature will be disabled," the company explained. A patched version of the Helix Universal Server will be released soon.
The Helix Universal Server, which is a key component of the company's strategy to embrace open-source developers, provides support for live and on-demand delivery of all major file formats (including Real Media, Windows Media, QuickTime, MPEG 4 and MP3).
Separately, RealNetworks reported a security hole in its flagship RealOne Player which can be exploited by attackers to execute arbitrary code.
The vulnerability, which carries a 'moderately critical' rating, affects the RealOne Player, RealOne Enterprise Desktop and RealOne Desktop Manager.
RealNetworks said the vulnerability is caused due to an unspecified error
in the handling of SMIL
A new version of the RealOne Player is available via the "Check for Update" feature. Fixed version of the RealOne Desktop Manager and RealOne Enterprise Desktop have also been released.