TechTarget

RealNetworks warns of media player flaws

RealNetworks' media player software contains vulnerabilities that could let an attacker take control of a PC on which the...

RealNetworks' media player software contains vulnerabilities that could let an attacker take control of a PC on...

which the software is used to download multimedia files.

Corrupt files posing as normal music and video files could allow an attacker to gain control of the downloader's computer, although RealNetworks stressed that, as far as it is aware, this has not yet happened.

There are three vulnerabilities: files could be created that will open a website on the user's browser, from where remote Javascript can be operated, files could be created that let the attacker download and use their code on a user's machine, or media files can be created that will create buffer overrun errors.

The problems have been fixed, and users are advised to download updates from the company's site.

The affected software is: RealOne Player, RealOne Player v2 for Windows only (all languages), RealOne Player 8, RealPlayer 10 Beta (English only) and RealOne Enterprise Desktop or RealPlayer Enterprise (all versions, standalone and as configured by the RealOne Desktop Manager or RealPlayer Enterprise Manager).

The vulnerabilities were discovered in December by Next Generation Security Software. RealNetworks responded reasonably quickly to the discovery, said NGSS.

Gillian Law writes for IDG News Service

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close