Multiple vulnerabilities leave millions of RealPlayer users open to attacks

Edmund X. DeJesus, Staff Writer

Popular Internet media players from RealNetworks must be upgraded to fix multiple vulnerabilities. Errors in handling music and video files can lead to remote code execution or system compromise.

More than 350 million registered users employ Internet media players like RealOne and RealPlayer, including enterprise employees. Jouko Pynnonen and other security researchers at NGSSoftware have discovered that these players have heap and buffer overflows when parsing media files, including RAM (RealAudio), RP (RealPix), RPM (RealAudio Plugin), RT (RealText) and SMIL (synchronized multimedia integration language) formats.

Attackers can create media files that cause overflows and possibly execute arbitrary code on the user's machine. The RPM file vulnerability may also allow the download and execution of arbitrary code on a user's system. The altered media files can reside passively on a remote Web site until a user clicks on them, or they can arrive as an e-mail attachment.

The vulnerabilities affect RealOne Player versions 1 and 2, RealPlayer 8 and 10, and RealOne Enterprise Desktop. RealPlayer suffered similar problems in April 2003 with PNG (Portable Network Graphics) format files. RealNetworks has supplied upgrades.
