US-CERT warns of flaw in latest RealPlayer

US-CERT is warning computer users of a possible problem with the latest version of RealPlayer after a Russian security company claimed to have found a way to exploit a critical flaw in the multimedia software. US-CERT (United States Computer Emergency Readiness Team) published its warning on Wednesday, the day after Gleg chief technology officer Evgeny Legerov announced the exploit code in a posting to the Daily Dave security discussion list.

The flaw affects the latest version 11 of RealPlayer running on Windows XP, service pack 2, according to Gleg. A Flash demonstration of the vulnerability has been posted to the Gleg Web site, but the company has not released its attack code or any technical details of the flaw. Legerov discovered the flaw, called a stack overflow bug, during an audit of the RealPlayer source code, he said via e-mail.

View: The full story @ Infoworld

Report a problem with article
Previous Story

Code Testing Tools Could Be Acquisition Targets in '08

Next Story

VIA merges chipset division under CPU, says paper


Unfortunatly I've got Real media saved from when RealPlayer was popular, and a lot of Web sites provide only Real media, besides its available for Linux WMP and others are not

There are other programs which can play realmedia just fine. Real Alternative is one of the best. Also discovered J River Media Center can play them but I'm sure there are others.
I have despised Real Player since they went to the Real One interface. It just takes over your system, you'd think they would have learned by now.

Realplayer has had the same flaw in it for years that Real just hasn't fixed, the flaw being that it SUCKS.

some stupid new PC users are still using it ... maybe because some stupid PC makers are putting it there with the new PCs ...

People use it because they don't know or aren't aware there are alternatives. I go to some IRC rooms that stream and they promote the use of Real Player. They don't understand how it takes over their system, but then again many users really don't have much of a clue as to how their computer works so if a program takes over they don't notice it.

People have nothing better to do but say Real sucks. RealPlayer is alot better now than what it used to be and OMG a program with a flaw in it this never happends for other programs (looking at WMP's little white line in the top corner right now)

Corporate SPAM. I remember when some Adult *action* sites used this as there default player for streaming media.

Commenting is disabled on this article.