Two flaws in RealNetworks' popular RealPlayer could let attackers commandeer Windows computers running the software, eEye Digital Security has warned.
The vulnerabilities affect RealPlayer on all versions of Windows, according to two short advisories that eEye published Thursday. To exploit the flaws, an attacker would craft a special media file and host it on a Web site or trick a user into opening it, Steve Manzuik, security product manager at eEye, said Friday.
"I don't think there is an immediate risk to users. We have no evidence of others knowing or exploiting the flaw," Manzuik said. Researchers at eEye told RealNetworks about one of the flaws on Nov. 16 and reported the second on Nov. 30, according to the advisories. eEye regards a patch as "overdue" 60 days after it has reported a vulnerability, so RealNetworks has some time to come up with a fix for the bugs.
News source: C|Net News.com
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.