'High Risk' RealPlayer Flaws Patched

Digital media delivery firm RealNetworks Inc. late Thursday shipped a major security update for its RealPlayer software to patch a pair of remote code execution vulnerabilities. The security holes, which were reported to RealNetworks more than four months ago, could be exploited by malicious hackers to take complete control over a vulnerable machine. According to eEye Digital Security, the company that discovered the bugs, the most serious flaw exists in the first data packet contained in a Real Media file.

By specially crafting a malformed ".rm" movie file, a direct stack overwrite is triggered, and reliable code execution is possible. Affected software include RealPlayer 8, RealPlayer 10, RealOne Player v1, RealOne Player v2, RealPlayer Enterprise (Windows): RealPlayer 10 (Mac); RealPlayer 10 and Helix Player (Linux)

View: The full story

News source: eWeek

Report a problem with article
Previous Story

New backdoor program uses Sony rootkit

Next Story

US PC retailer devotes floor space to Linux


Commenting is disabled on this article.

There are no comments