Two flaws in RealNetworks' popular media player could let attackers commandeer Windows computers running the software, a security company has warned.
The vulnerabilities affect RealPlayer on all versions of Windows, according to two short advisories that eEye Digital Security published Thursday. To exploit the flaws, an attacker would craft a special media file and host it on a Web site or trick a user into opening it, Steve Manzuik, security product manager at eEye, said Friday.
"I don't think there is an immediate risk to users. We have no evidence of others knowing or exploiting the flaw," Manzuik said.
Researchers at eEye told RealNetworks about one of the flaws on Nov. 16 and reported the second on Nov. 30, according to the advisories. eEye regards a patch as "overdue" 60 days after it has reported a vulnerability, so RealNetworks has some time to come up with a fix for the bugs.
Word of the latest flaws in RealPlayer comes just weeks after the SANS Institute, a nonprofit research group, warned that cybercriminals are shifting their attacks from operating systems such as Windows to media players and other applications. Earlier this year, researchers at Internet Security Systems warned that antivirus scanners are a target for hackers.
eEye said it has also found flaws in iTunes and QuickTime, two media player applications from Apple Computer. Those flaws were reported to Apple on Nov. 17.
Representatives for RealNetworks could not immediately be reached for comment.
RealNetworks entire set of software is a massive flaw. No one I know uses anything offered by Real. And I rarely see the .rm file type on the internet. CNET may be one of the few still offering Real as an option for watching video clips.
The two telecom carriers will carry a next-generation iPad running on the fast, next-generation wireless technology, sources tell The Wall Street Journal.
Google creates an animated doodle that features a boy, a girl, Google's search engine, and a jump rope. But might there be darker, more analytical, more troubling interpretations to this tale?
The Silicon Valley online payments startup grew by 1,000 percent last year and is hopeful it can repeat that level of growth this year. To do that, it's had to move away from its early friends-and-family roots and embrace small businesses.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
know uses anything offered by Real. And I rarely see the .rm file
type on the internet. CNET may be one of the few still offering Real
as an option for watching video clips.
mj
<a class="jive-link-external" href="http://www.junglemungle.com" target="_newWindow">http://www.junglemungle.com</a>