Microsoft is providing notification of the discovery and remediation of multiple vulnerabilities affecting RealNetworks Helix Server software version 14.2.0.212 and earlier. Microsoft discovered and disclosed these vulnerabilities under coordinated vulnerability disclosure to the affected vendor, RealNetworks. RealNetworks has remediated these vulnerabilities in their software.
These vulnerabilities exist in the way that the RealNetworks Helix Server parses page requests. An attacker could exploit these vulnerabilities by injecting malicious script into a page link, and then convincing a user to click the page link. When the page link is clicked, the malicious script could run in the context of the current user.
Microsoft Vulnerability Research reported these issues to and coordinated with RealNetworks to ensure remediation of this issue. These vulnerabilities have been assigned the entry, CVE-2012-1984, in the Common Vulnerabilities and Exposures list. For more information, including information about updates from the RealNetworks, see the April 2, 2012 Security Update for Helix Server and Helix Mobile Server.