November 11, 2005 11:21 AM PST
RealNetworks issues critical patch
The company issued an update to address flaws in Windows versions of RealPlayer 10.5 and RealPlayer 10, RealOne Player v2 and v1, RealPlayer 8 and RealPlayer Enterprise.
Also affected are Apple's Mac version of RealPlayer 10, as well as Linux versions of RealPlayer 10 and Helix Player.
One flaw could allow a remote attacker to craft a malformed .rm movie file and trigger a buffer overflow, which allows the attacker to run arbitrary code on a user's computer and take control of it, according to eEye Digital Security, which discovered two of the flaws.
A second vulnerability could allow a buffer overrun to occur in a third-party compression library, a component within RealPlayer used to decompress skin files. A skin is used to change the look of a application, in this case RealPlayer.
A third vulnerability involves a RealPlayer compressed, or zipped, skin file that could lead to a buffer overflow and an attacker remotely executing code to take over a user's computer.
Security company NGS Software also aided in the discovery of the flaws.
RealNetworks noted it has received no reports of computers being compromised as a result of these vulnerabilities.
But in September, it issued a patch to address a variety of flaws in its RealPlayer and Helix Player. The patch came several days after exploit code had been published that could take advantage of the vulnerabilites.
3 commentsJoin the conversation! Add your comment