Friday, August 27, 2010

RealPlayer, fixes various vulnerabilites.

Today there's a new version of RealPlayer that fixes a bunch of critical vulnerabilies. The latest version is, although it's not always straightforward. One of the vulnerabilities is is CVE-20and I'm trying to understand this snippet10-2996, which was fixed today, but was reported 16 months ago:
  • 2009-04-15 - Vulnerability reported to vendor
  • 2010-08-26 - Coordinated public release of advisory
Overall, the vulnerabilites fixed in this version are:
Secbrowsing can help you get the latest version. Disabling the plugin is also an option