• On last.fm: Check Out Radiohead Music, Events & Pics
advertisementGet three services for $100/mo

December 2, 2005 11:19 AM PST

Flaws found in RealNetworks media player

By Joris Evers
Staff Writer, CNET News

Related Stories

RealNetworks issues critical patch

 November 11, 2005

RealNetworks plugs security holes in player

 June 23, 2005

RealNetworks fixes 'highly critical' flaw

 April 21, 2005

Flaws found in Windows-based media players

 October 28, 2004
Two flaws in RealNetworks' popular media player could let attackers commandeer Windows computers running the software, a security company has warned.

The vulnerabilities affect RealPlayer on all versions of Windows, according to two short advisories that eEye Digital Security published Thursday. To exploit the flaws, an attacker would craft a special media file and host it on a Web site or trick a user into opening it, Steve Manzuik, security product manager at eEye, said Friday.

"I don't think there is an immediate risk to users. We have no evidence of others knowing or exploiting the flaw," Manzuik said.

Researchers at eEye told RealNetworks about one of the flaws on Nov. 16 and reported the second on Nov. 30, according to the advisories. eEye regards a patch as "overdue" 60 days after it has reported a vulnerability, so RealNetworks has some time to come up with a fix for the bugs.

Word of the latest flaws in RealPlayer comes just weeks after the SANS Institute, a nonprofit research group, warned that cybercriminals are shifting their attacks from operating systems such as Windows to media players and other applications. Earlier this year, researchers at Internet Security Systems warned that antivirus scanners are a target for hackers.

eEye said it has also found flaws in iTunes and QuickTime, two media player applications from Apple Computer. Those flaws were reported to Apple on Nov. 17.

Representatives for RealNetworks could not immediately be reached for comment.

See more CNET content tagged:
eEye Digital Security, RealNetworks Inc., flaw, RealNetworks RealPlayer, media player

Add a Comment (Log in or register) 5 comments
Does anyone care???
by Earl Benser December 2, 2005 12:06 PM PST
RealNetworks entire set of software is a massive flaw. No one I
know uses anything offered by Real. And I rarely see the .rm file
type on the internet. CNET may be one of the few still offering Real
as an option for watching video clips.
Reply to this comment
I've stopped using real...
by mj_junglemungle.com December 2, 2005 12:25 PM PST
I only used quicktime and wm.

mj
http://www.junglemungle.com
Reply to this comment
Read The Headline
by j3st3r April 24, 2008 8:30 PM PDT
'Nuff said!
Reply to this comment
I dont use there software....tooo slow
by ron williams April 24, 2008 8:31 PM PDT
I dont use there software after it went to an insanely slow speed.
Reply to this comment
SANS
by jmanico April 24, 2008 8:31 PM PDT
This article is incorrect in that SANS is a for-profit institution. Don't let the .org fool you.
Reply to this comment
Powered by Jive Software
advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

advertisement

Inside CNET News

Scroll Left Scroll Right
News
Latest news
Business tech
Green tech
Wireless
Security
Media
Popular topics
Apple iPhone
Apple iPod
Best hybrid cars
Cell phones
Dell
GPS
CNET sites
CNET TV
Downloads
News
Reviews
Shopper.com
Site map
More information
Newsletters
Corrections
Customer Help Center
RSS
What's new
About CNET