'High Risk' RealPlayer Flaws Patched

Digital media delivery firm RealNetworks Inc. late Thursday shipped a major security update for its RealPlayer software to patch a pair of remote code execution vulnerabilities. The security holes, which were reported to RealNetworks more than four months ago, could be exploited by malicious hackers to take complete control over a vulnerable machine. According to eEye Digital Security, the company that discovered the bugs, the most serious flaw exists in the first data packet contained in a Real Media file.

By specially crafting a malformed ".rm" movie file, a direct stack overwrite is triggered, and reliable code execution is possible. Affected software include RealPlayer 8, RealPlayer 10, RealOne Player v1, RealOne Player v2, RealPlayer Enterprise (Windows): RealPlayer 10 (Mac); RealPlayer 10 and Helix Player (Linux)

View: The full story

News source: eWeek

Report a problem with article
Next Article

US PC retailer devotes floor space to Linux

Previous Article

New backdoor program uses Sony rootkit

Join the conversation!

Login or Sign Up to read and post a comment.

-1 Comments - Add comment