Article

'Highly critical' flaws fixed in RealPlayer

Bill Brenner
'

RealNetworks Inc. recommends users download updates it released to patch multiple security holes in RealOne Player, RealPlayer and Helix Player. An attacker could use the vulnerabilities to launch malicious code and delete

    Requires Free Membership to View

files.

"RealNetworks Inc. has recently been made aware of security vulnerabilities that could potentially allow an attacker to run arbitrary or malicious code on a user's machine," the company said in its advisory. "While we have not received reports of anyone actually being attacked with this exploit, all security vulnerabilities are taken very seriously by RealNetworks Inc. Real has found and fixed the problem."

Copenhagen, Denmark-based security firm Secunia called the vulnerabilities "highly critical" in its advisory and described them as:

  • An unspecified error when running local .rm files that could be exploited to execute arbitrary code. This has been reported in RealPlayer 8, 10, 10.5 Beta and 10.5 on Enterprise and Windows; RealOne Player versions 1 and 2 on Windows; Mac RealPlayer 10 Beta and Mac RealOne Player; and Linux RealPlayer 10 and Helix Player on Linux.
  • A problem with malformed calls that can be exploited to execute arbitrary code by embedding the player on a malicious Web site and making specially crafted calls. This has been reported in RealPlayer 10, 10.5 Beta; 10.5 and RealOne Player versions 1 and 2 on Windows.
  • An unspecified error that allows malicious Web sites and media files to delete arbitrary local files. This has been reported in RealPlayer 10, 10.5 Beta; 10.5 and RealOne Player versions 1and 2 on Windows.

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: