Multiple vulnerabilities leave millions of RealPlayer users open to attacks

Multiple vulnerabilities in the RealPlayer application can leave users open to buffer-overflow attacks if the upgrade isn't applied.

Popular Internet media players from RealNetworks must be upgraded to fix multiple vulnerabilities. Errors in handling music and video files can lead to remote code execution or system compromise.

More than 350 million registered users employ Internet media players like RealOne and RealPlayer, including enterprise employees. Jouko Pynnonen and other security researchers at NGSSoftware have discovered that these players have heap and buffer overflows when parsing media files, including RAM (RealAudio), RP (RealPix), RPM (RealAudio Plugin), RT (RealText) and SMIL (Synchronized Multimedia Integration Language) formats.

Malicious attackers can create media files that will cause overflows and possibly execute arbitrary code on the user's machine. The RPM file vulnerability may also allow the download and execution of arbitrary code on a user's system. The altered media files can reside passively on a remote Web site until a user clicks on them, or they could arrive as an e-mail attachment.

The vulnerabilities affect RealOne Player versions 1 and 2, RealPlayer 8 and 10, and RealOne Enterprise Desktop. RealPlayer suffered similar problems in April 2003 with PNG (Portable Network Graphics) format files. RealNetworks has supplied upgrades.
