When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

High-Risk RealPlayer Hole Patched

Digital media delivery outfit RealNetworks Inc. on Wednesday released patches for a high-risk security flaw in several versions of its widely deployed RealPlayer software. The Seattle, Wash.-based company said the flaw could allow an attacker to run arbitrary or malicious code on unpatched machines. "RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities," the company said in an online advisory.

Security research company Secunia rates the issue as "highly critical" and urged users to apply the appropriate fixes immediately. The vulnerability flaw is described as a heap overflow error that occurs when the RealPlayer software handles malformed ".ram" files containing a specially crafted "host" variable. RealNetworks uses the ".ram" format to compress audio files for streaming over the Internet. The company's alert said most major versions of its flagship RealPlayer and RealONE software were affected by the vulnerability.

View: Online advisory

View: The full story

News source: eWeek

Report a problem with article
Next Article

VIA announces chipset support for AMD dual-core technology

Previous Article

Google "My Search History (Beta)"