Security flaws in RealNetworks' media player software could allow
attackers to run arbitrary code on a user's computer, the company
warned last week.
Three vulnerabilities exist in the Windows versions of the RealOne
Player and RealPlayer, according to a statement on RealNetworks'
Web site.
By encouraging a RealOne or RealPlayer user to download a malformed
file, an attacker could run code of their choice on a user's
system, according to a security advisory sent by Next Generation
Security Software to the NTBugtraq mailing list.
Next Generation Security Software said it discovered the flaws and
informed RealNetworks on 1 November. It is common for security
firms to release their own bulletin after the software maker fixes
the problem.
RealNetworks recommends that users install a patch to fix the
software, although there are no reports so far of attacks using the
exploit.
Click
here for the Next Generation Security Software advisory.