'High Risk' RealPlayer Flaws Patched

Digital media delivery firm RealNetworks Inc. late Thursday shipped a major security update for its RealPlayer software to patch a pair of remote code execution vulnerabilities. The security holes, which were reported to RealNetworks more than four months ago, could be exploited by malicious hackers to take complete control over a vulnerable machine. According to eEye Digital Security, the company that discovered the bugs, the most serious flaw exists in the first data packet contained in a Real Media file.

By specially crafting a malformed ".rm" movie file, a direct stack overwrite is triggered, and reliable code execution is possible. Affected software include RealPlayer 8, RealPlayer 10, RealOne Player v1, RealOne Player v2, RealPlayer Enterprise (Windows): RealPlayer 10 (Mac); RealPlayer 10 and Helix Player (Linux)

View: The full story

News source: eWeek

Report a problem with article
Next Article

US PC retailer devotes floor space to Linux

Previous Article

New backdoor program uses Sony rootkit

-1 Comments - Add comment