|
||
'Critical' Security Hole in Real's Helix Server
Digital media frontrunner RealNetworks (Quote, Chart) has issued a warning for a root exploit vulnerability in its Helix Universal Server 9 platform. The security flaw could potentially allow attackers to gain system access and execute arbitrary code, according to an alert from RealNetworks. Independent security consultants Secunia has tagged a 'highly critical' rating on the vulnerability, which affects RealServer G2, RealSystem Server 7, RealSystem Server 8 and the Helix Universal Server 9.x. The flaw exists in the way the "vsrcplin.so" and "vsrcplin.dll" plugins handle long requests. As a temporary workaround, RealNetworks said users should remove the View Source plug-in from the /Plugins directory and restart the server process. "Removal of this plug-in will not hinder on-demand or live streaming delivery or logging and authentication services of the product. With the plug-in removed however, the Content Browsing feature will be disabled," the company explained. A patched version of the Helix Universal Server will be released soon. The Helix Universal Server, which is a key component of the company's strategy to embrace open-source developers, provides support for live and on-demand delivery of all major file formats (including Real Media, Windows Media, QuickTime, MPEG 4 and MP3). Separately, RealNetworks reported a security hole in its flagship RealOne Player which can be exploited by attackers to execute arbitrary code. The vulnerability, which carries a 'moderately critical' rating, affects the RealOne Player, RealOne Enterprise Desktop and RealOne Desktop Manager. RealNetworks said the vulnerability is caused due to an unspecified error in the handling of SMIL A new version of the RealOne Player is available via the "Check for Update" feature. Fixed version of the RealOne Desktop Manager and RealOne Enterprise Desktop have also been released. |
||
|