RealNetworks issues flaw alert in Helix


RealNetworks issues flaw alert in Helix

RealNetworks has issued a security warning for its customers, after finding a vulnerability in its Helix Universal Server 9 platform.

The vulnerability is a root exploit where certain types of character strings appear in large numbers within the URLs destined for a server’s protocol parsers, the company said.

Along with the Server 9 platform, earlier versions of the server including RealSystem Server 8, 7 and RealServer G2, are also vulnerable to the security flaw, which could see attackers gaining access to users’ systems.

Customers are being told to remove the RealNetworks View Source plug-in from the /Plugins directory - and vsrcplin.dll - and to restart the server process.

The View Source Plug-in is responsible for reading and displaying file format headers of media files accessible to the file systems loaded by the server.

RealNetworks said the removal of the View Source Plug-in would not obstruct live streaming delivery or logging and authentication services but content browsing would be disabled.

While the removal of the View Source Plug-in is what the company calls a work-around for this issue, the company is working towards a more permanent solution by making a new version of the Helix Universal Server, which will be available to all existing customers.

Real’s proxy products are immune to the exploit.

The alert can be found at

Written by IT World Canada staff

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy