Version: 2008
  • On TechRepublic: Five super-secret features in Windows 7

November 11, 2005 11:21 AM PST

RealNetworks issues critical patch

  • 3 comments
RealNetworks issued a critical patch Thursday to address three flaws that could allow a hacker to launch a remote attack to run malicious code on a user's computer.

The company issued an update to address flaws in Windows versions of RealPlayer 10.5 and RealPlayer 10, RealOne Player v2 and v1, RealPlayer 8 and RealPlayer Enterprise.

Also affected are Apple's Mac version of RealPlayer 10, as well as Linux versions of RealPlayer 10 and Helix Player.

One flaw could allow a remote attacker to craft a malformed .rm movie file and trigger a buffer overflow, which allows the attacker to run arbitrary code on a user's computer and take control of it, according to eEye Digital Security, which discovered two of the flaws.

A second vulnerability could allow a buffer overrun to occur in a third-party compression library, a component within RealPlayer used to decompress skin files. A skin is used to change the look of a application, in this case RealPlayer.

A third vulnerability involves a RealPlayer compressed, or zipped, skin file that could lead to a buffer overflow and an attacker remotely executing code to take over a user's computer.

Security company NGS Software also aided in the discovery of the flaws.

RealNetworks noted it has received no reports of computers being compromised as a result of these vulnerabilities.

But in September, it issued a patch to address a variety of flaws in its RealPlayer and Helix Player. The patch came several days after exploit code had been published that could take advantage of the vulnerabilites.

See more CNET content tagged:
RealNetworks Inc., RealNetworks RealPlayer, flaw, attacker, buffer-overflow

Add a Comment (Log in or register) (3 Comments)
  • prev
  • 1
  • next
realplay and 64bit argghghg!!!!
by November 11, 2005 1:17 PM PST
my athlon 64 suse v10 system has a hard time uh, you know, thunking.. I would really appreciate some more considerate builds.. and I am quite sure that its already been done... but to not post it for the public... geeze,, its not like Linux really is much of a support cost to the company...
Reply to this comment
Nice thing about this problem....
by Earl Benser November 12, 2005 12:48 PM PST
... you have to be running one of Real's software items before it is a
problem. Since I don't run junk apps, and since Real only makes
junk apps, this problem isn't a problem........... ;-)
Reply to this comment
install problem
by ttodd0450 November 6, 2007 8:06 AM PST
Got this critical Patch update notice from Real Player today,, and it says 'click here' to install,, It then finds the web site- installs the Patch and then..... it Just sits there and there is no notice that it has completed. It just sits on the same screen that that says Click Here for Patch.

If I repeat it- it goes thru the same cycle again.

Did the programmers forget to include a final thank-you screen? like everyone else does in this computing world of ours ???
Reply to this comment
(3 Comments)
  • prev
  • 1
  • next
advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets

Market news, charts, SEC filings, and more

Related quotes

RealNetworks (2.68%) 0.09 3.45
Dow Jones Industrials (0.22%) 22.75 10,388.90
S&P 500 (0.55%) 6.06 1,105.98
NASDAQ (0.98%) 21.21 2,194.35
CNET TECH (0.29%) 4.71 1,602.07
  Symbol Lookup
advertisement

Inside CNET News

Scroll Left Scroll Right