Eduardo

**Name of the Vulnerable Software and Affected Versions** RealPlayer versions 11.0 through 11.1 RealPlayer SP versions 1.0 through 1.1.5 RealPlayer versions 14.0.0 through 14.0.1 RealPlayer Enterprise versions 2.0 through 2.1.4 **Description** The issue allows remote attackers to conduct cross-domain scripting attacks and execute arbitrary code via the OpenURLinPlayerBrowser function. This is due to the use of predictable names for temporary files. **Recommendations** For RealPlayer versions 11.0 through 11.1, update to a version outside of this range to resolve the issue. For RealPlayer SP versions 1.0 through 1.1.5, update to a version outside of this range to resolve the issue. For RealPlayer versions 14.0.0 through 14.0.1, update to a version outside of this range to resolve the issue. For RealPlayer Enterprise versions 2.0 through 2.1.4, update to a version outside of this range to resolve the issue. As a temporary workaround, consider disabling the OpenURLinPlayerBrowser function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 5.0.375.70 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is related to the `node.innerHTML` property of a `TEXTAREA` element. **Recommendations** For versions prior to 5.0.375.70, update to version 5.0.375.70 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `node.innerHTML` property for `TEXTAREA` elements until a patch is applied.