RealNetworks, Inc. Releases Update to Address Security Vulnerabilities. Updated February 6, 2012 RealNetworks is making available product upgrades that contain security bug fixes. We have received no reports of any machines actually being compromised as a result of the now-remedied vulnerabilities. RealNetworks always recommends upgrading your product to the most current version available to avoid security vulnerabilities. Current Software The current versions of our Player software are not affected by these vulnerabilities. Software Affected? Operating System Language RealPlayer 15.02.71 No Windows XP, Vista, Win7 All Supported Affected Software The table below contains a summary of which previous and current versions of the RealPlayer software are susceptible to these vulnerabilities. The columns and cells in green are the versions of each product where the issue has been resolved. CVE Number 11.0 – 11.1 SP 1.0 – 1.1.5 14.0.0 – 14.0.7 15.0.0 – 15.0.1.13 15.02.71 CVE-2012-0922 X X X X . CVE-2012-0924 X X X X . CVE-2012-0926 X X X X . CVE-2012-0927 X X X X . CVE Descriptions CVE-2012-0922 RealNetworks RealPlayer rvrender RMFF Flags Remote Code Execution Vulnerability Affected software: Windows RealPlayer 15.0.1.13 and prior. Credit to Luigi Auriemma for reporting this issue. CVE-2012-0924 RealNetworks RealPlayer VIDOBJ_START_CODE Remote Code Execution Vulnerability Affected software: Windows RealPlayer 15.0.1.13 and prior. Credit to Luigi Auriemma for reporting this issue. CVE-2012-0926 RealNetworks RealPlayer RV10 Encoded Height/Width Remote Code Execution Vulnerability Affected software: Windows RealPlayer 15.0.1.13 and prior. Credit to Dan Rosenberg of Virtual Security Research, Damian Put for reporting this issue. CVE-2012-0927 RealNetworks RealPlayer RealAudio coded_frame_size Remote Code Execution Vulnerability Affected software: Windows RealPlayer 15.0. Credit to Luigi Auriemma for reporting this issue.