Home > Security News > High-severity flaw plagues RealOne Player, RealPlayer
Security News:
EMAIL THIS

High-severity flaw plagues RealOne Player, RealPlayer

By Shawna McAlearney, News Writer
12 Jun 2004 | SearchSecurity.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

To correct a high-severity flaw that impacts millions of users, RealNetworks Inc. recommends upgrading numerous versions of its RealOne Player and RealPlayer to correct security vulnerabilities that could allow an attacker to run arbitrary code on a user's machine.

According to one of the flaw's discoverers, U.K.-based NGSSoftware's John Heasman, RealOne and RealPlayer are the most widely used products for Internet media delivery and are used by more than 200 million users worldwide. The specific number of users affected by the flaw was not released.

"This vulnerability is of high severity given the size of RealNetwork's user base, and given that an attacker could potentially execute code," said Heasman, a security analyst. "Furthermore, the bug is in a core component of RealPlayer, thus it affects the all current versions, from the free player that a home user might download, to the Enterprise edition that an organisation might deploy company-wide."

Affected versions include: RealOne Player (English), RealOne Player version 2 (all languages), RealPlayer 8 (all languages), RealPlayer 10 (English, German and Japanese), RealPlayer Enterprise (all versions, standalone and as configured by the RealPlayer Enterprise Manager).

Heasman said that by crafting a malformed .RA, .RM, .RV or .RMJ file, and forcing a browser or enticing a user to a Web site containing such a file, it's possible to cause heap corruption that can lead to execution of arbitrary attacker-supplied code on the target machine. This code will run in the security context of the logged on user. E-mail attachments are another vector for this type of attack.

"Due to the ease of exploitation these vulnerabilities should be considered high risk," said the NGSSoftware advisory.

Users of RealOne Player, RealOne Player version 2 (all languages) and RealPlayer 10 (English, German and Japanese only) should read the RealOne advisory for the steps involved to update their systems. There is no update available for RealPlayer 8; RealNetworks recommended upgrading to RealPlayer 10. For information on patching the RealPlayer Enterprise Manager, contact your technical account manager or RealNetworks customer support.

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



More Tips to Secure Your Network
Focused on Channel Security?
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts