Digital media frontrunner RealNetworks
has issued a
warning for a root exploit vulnerability in its Helix Universal Server 9
The security flaw could potentially allow attackers to gain system access and execute arbitrary code, according to an alert from RealNetworks.
Independent security consultants Secunia has tagged a 'highly critical' rating on the vulnerability, which affects RealServer G2, RealSystem Server 7, RealSystem Server 8 and the Helix Universal Server 9.x.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=iThe flaw exists in the way the "vsrcplin.so" and "vsrcplin.dll" plugins handle long requests. As a temporary workaround, RealNetworks said users should remove the View Source plug-in from the /Plugins directory and restart the server process.
"Removal of this plug-in will not hinder on-demand or live streaming delivery or logging and authentication services of the product. With the plug-in removed however, the Content Browsing feature will be disabled," the company explained. A patched version of the Helix Universal Server will be released soon.
The Helix Universal Server, which is a key component of the company's strategy to embrace open-source developers, provides support for live and on-demand delivery of all major file formats (including Real Media, Windows Media, QuickTime, MPEG 4 and MP3).
Separately, RealNetworks reported a security hole in its flagship RealOne Player which can be exploited by attackers to execute arbitrary code.
The vulnerability, which carries a 'moderately critical' rating, affects the RealOne Player, RealOne Enterprise Desktop and RealOne Desktop Manager.
RealNetworks said the vulnerability is caused due to an unspecified error
in the handling of SMIL
A new version of the RealOne Player is available via the "Check for Update" feature. Fixed version of the RealOne Desktop Manager and RealOne Enterprise Desktop have also been released.