Home > Security News > RealPlayer users urged to patch
Security News:
EMAIL THIS

RealPlayer users urged to patch

By Bill Brenner, News Writer
02 Mar 2005 | SearchSecurity.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

RealNetworks Inc. has urged users of its popular multimedia players to install patches that fix two security holes attackers could exploit to cause a buffer overflow and launch malicious code.

"RealNetworks Inc. has addressed recently discovered security vulnerabilities that offered the potential for an attacker to run arbitrary or malicious code on a customer's machine," the Seattle-based vendor said in an advisory. "RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities."

Danish security firm Secunia called the vulnerabilities "highly critical" in its advisory.

The first problem, reported by Mark Litchfield of British security firm NGS Software, is a boundary error within the processing of .wav [wave] files. An attacker could exploit the flaw
More on RealPlayer

'Highly critical' flaws fixed in RealPlayer

Multiple vulnerabilities leave millions of RealPlayer users open to attacks
to cause a buffer overflow using a specially crafted .wav file.

A wave file is an audio file format created by Microsoft that has become a standard PC format for everything from system and game sounds to CD-quality audio. Wave files are identified by a file extension of .wav. Used primarily in PCs, the format has been accepted as a viable interchange medium for other computer platforms, such as Macintosh. This allows content developers to freely move audio files between platforms for processing, for example.

The second problem, reported by Reston, Va.-based security firm iDefense, is a stack-based buffer overflow vulnerability in the Synchronized Multimedia Integration Language (SMIL) file format parser within various versions of RealPlayer. An attacker could exploit the flaw -- caused by an unbounded string copying operation -- to launch malicious code.

SMIL is a language that allows Web site creators to be able to easily define and synchronize multimedia elements (video, sound, still images) for Web presentation and interaction.

The vulnerabilities affect:

  • Helix Player 1.0
  • RealOne Player version 1
  • RealOne Player version 2
  • RealPlayer 10
  • RealPlayer 8
  • RealPlayer Enterprise 1.0


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


More Tips to Secure Your Network
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts