Article

'Highly critical' flaw in RealPlayer, RealOne

Bill Brenner

RealNetworks Inc. recommends users of RealPlayer and RealOne Player install updated versions it has issued to close a security hole attackers could use to launch malicious code.

The Seattle-based company said

    Requires Free Membership to View

in an advisory it "has addressed a recently discovered security vulnerability that offered the potential for an attacker to run arbitrary or malicious code on a customer's machine." RealNetworks said it has received no reports of machines being compromised because of the vulnerability.

RealOne and RealPlayer are the most widely used products for Internet media delivery, with more than 200 million users worldwide.

The advisory said the specific problem could allow an attacker "to fashion a malicious skin file to cause a buffer overflow, which could have allowed an attacker to execute arbitrary code on a customer's machine. The buffer overrun was designed to occur in a third-party compression library, dunzip32.dll."

It added, "Skin files from RealNetworks' site are carefully examined before posting for viruses and exploits. To ensure that your player is protected, we recommend installing the available updates."

Danish security firm Secunia called the vulnerability "highly critical" in its advisory and credited Aliso Viejo, Calif-based security firm eEye Digital Security with reporting the vulnerability.

The vulnerability affects:

  • RealPlayer 10.5 (prior to build 6.0.12.1056)
  • RealPlayer 10
  • RealOne Player v2
  • RealOne Player v1

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: