'Highly critical' flaws fixed in RealPlayer

An attacker could use multiple vulnerabilities in RealOne Player, RealPlayer and Helix Player to launch malicious code or delete files.

'

RealNetworks Inc. recommends users download updates it released to patch multiple security holes in RealOne Player, RealPlayer and Helix Player. An attacker could use the vulnerabilities to launch malicious code and delete files.

"RealNetworks Inc. has recently been made aware of security vulnerabilities that could potentially allow an attacker to run arbitrary or malicious code on a user's machine," the company said in its advisory. "While we have not received reports of anyone actually being attacked with this exploit, all security vulnerabilities are taken very seriously by RealNetworks Inc. Real has found and fixed the problem."

Copenhagen, Denmark-based security firm Secunia called the vulnerabilities "highly critical" in its advisory and described them as:

  • An unspecified error when running local .rm files that could be exploited to execute arbitrary code. This has been reported in RealPlayer 8, 10, 10.5 Beta and 10.5 on Enterprise and Windows; RealOne Player versions 1 and 2 on Windows; Mac RealPlayer 10 Beta and Mac RealOne Player; and Linux RealPlayer 10 and Helix Player on Linux.
  • A problem with malformed calls that can be exploited to execute arbitrary code by embedding the player on a malicious Web site and making specially crafted calls. This has been reported in RealPlayer 10, 10.5 Beta; 10.5 and RealOne Player versions 1 and 2 on Windows.
  • An unspecified error that allows malicious Web sites and media files to delete arbitrary local files. This has been reported in RealPlayer 10, 10.5 Beta; 10.5 and RealOne Player versions 1and 2 on Windows.
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close