Date: April 21, 2005
Subject: RealPlayer Security Flaw

On Wednesday, April 20, 2005, RealNetworks Inc. released updates for several versions of its popular RealPlayer multi-media software. RealPlayer is among the more popular media players and allows computer users to view a wide variety of video and audio information on their PCs. The update corrects a flaw in RealPlayer that could allow an attacker to install and run malicious software on systems that do not have the update installed. Most versions of the RealPlayer software are affected by the flaw.

To update your installation of RealPlayer please follow the steps below (those of you who have not installed the RealPlayer software need not concern yourselves with this flaw):

     1/ Start RealPlayer by clicking on its icon on the Desktop or in the Start Menu

     2/ Click on the "Tools" menu item on the RealPlayer menu bar

     3/ Click on "Check for Updates" on the Tools sub-menu

     4/ It is possible that many updates will be listed, you will only need to install the security updates to protect your system from this flaw

With the release of this bulletin ELM neither endorses nor condemns the use of streaming media players on PCs in the workplace. We realize, however, that many of our clients make use of such tools on a daily basis for various reasons and wish to ensure that these users have as secure an environment as possible.

As always, please do not hesitate to contact me if you have any questions about this or any other issue.

If you have an associate who you think would also appreciate receiving these bulletins please let me know (with their approval) and I will add them to the bulletin mailing list. Please feel free to forward these bulletins to anyone you wish. If you no longer wish to receive these bulletins, or if you received this bulletin by mistake please send me an email with "Please remove me" in the subject line and I will take your name off of the bulletin mailing list.