RealNetworks issued a critical patch Thursday to address three flaws that could allow a hacker to launch a remote attack to run malicious code on a user's computer.
The company issued an update to address flaws in Windows versions of RealPlayer 10.5 and RealPlayer 10, RealOne Player v2 and v1, RealPlayer 8 and RealPlayer Enterprise.
Also affected are Apple's Mac version of RealPlayer 10, as well as Linux versions of RealPlayer 10 and Helix Player.
One flaw could allow a remote attacker to craft a malformed .rm movie file and trigger a buffer overflow, which allows the attacker to run arbitrary code on a user's computer and take control of it, according to eEye Digital Security, which discovered two of the flaws.
A second vulnerability could allow a buffer overrun to occur in a third-party compression library, a component within RealPlayer used to decompress skin files. A skin is used to change the look of a application, in this case RealPlayer.
A third vulnerability involves a RealPlayer compressed, or zipped, skin file that could lead to a buffer overflow and an attacker remotely executing code to take over a user's computer.
Security company NGS Software also aided in the discovery of the flaws.
RealNetworks noted it has received no reports of computers being compromised as a result of these vulnerabilities.
my athlon 64 suse v10 system has a hard time uh, you know, thunking.. I would really appreciate some more considerate builds.. and I am quite sure that its already been done... but to not post it for the public... geeze,, its not like Linux really is much of a support cost to the company...
... you have to be running one of Real's software items before it is a problem. Since I don't run junk apps, and since Real only makes junk apps, this problem isn't a problem........... ;-)
Got this critical Patch update notice from Real Player today,, and it says 'click here' to install,, It then finds the web site- installs the Patch and then..... it Just sits there and there is no notice that it has completed. It just sits on the same screen that that says Click Here for Patch.
If I repeat it- it goes thru the same cycle again.
Did the programmers forget to include a final thank-you screen? like everyone else does in this computing world of ours ???
Web giant is spending $120 million to beef up its Mountain View, Calif., headquarters, according to filings with the city reviewed by the San Jose Mercury News.
The Samsung Galaxy Mini 2 S6500 could make its debut at the Mobile World Congress in Barcelona later this month, according to a leaked promotional image.
MIT creates a simulation to celebrate the 50th anniversary of Spacewar. A relic of the early days of minicomputers, it was one of the first computer video games and set the stage for many others, including Asteroids.
problem. Since I don't run junk apps, and since Real only makes
junk apps, this problem isn't a problem........... ;-)
If I repeat it- it goes thru the same cycle again.
Did the programmers forget to include a final thank-you screen? like everyone else does in this computing world of ours ???