November 11, 2005 11:21 AM PST

RealNetworks issues critical patch

RealNetworks issued a critical patch Thursday to address three flaws that could allow a hacker to launch a remote attack to run malicious code on a user's computer.

The company issued an update to address flaws in Windows versions of RealPlayer 10.5 and RealPlayer 10, RealOne Player v2 and v1, RealPlayer 8 and RealPlayer Enterprise.

Also affected are Apple's Mac version of RealPlayer 10, as well as Linux versions of RealPlayer 10 and Helix Player.

One flaw could allow a remote attacker to craft a malformed .rm movie file and trigger a buffer overflow, which allows the attacker to run arbitrary code on a user's computer and take control of it, according to eEye Digital Security, which discovered two of the flaws.

A second vulnerability could allow a buffer overrun to occur in a third-party compression library, a component within RealPlayer used to decompress skin files. A skin is used to change the look of a application, in this case RealPlayer.

A third vulnerability involves a RealPlayer compressed, or zipped, skin file that could lead to a buffer overflow and an attacker remotely executing code to take over a user's computer.

Security company NGS Software also aided in the discovery of the flaws.

RealNetworks noted it has received no reports of computers being compromised as a result of these vulnerabilities.

But in September, it issued a patch to address a variety of flaws in its RealPlayer and Helix Player. The patch came several days after exploit code had been published that could take advantage of the vulnerabilites.

3 comments

Join the conversation!
Add your comment
realplay and 64bit argghghg!!!!
my athlon 64 suse v10 system has a hard time uh, you know, thunking.. I would really appreciate some more considerate builds.. and I am quite sure that its already been done... but to not post it for the public... geeze,, its not like Linux really is much of a support cost to the company...
Posted by (187 comments )
Reply Link Flag
Nice thing about this problem....
... you have to be running one of Real's software items before it is a
problem. Since I don't run junk apps, and since Real only makes
junk apps, this problem isn't a problem........... ;-)
Posted by Earl Benser (4310 comments )
Reply Link Flag
install problem
Got this critical Patch update notice from Real Player today,, and it says 'click here' to install,, It then finds the web site- installs the Patch and then..... it Just sits there and there is no notice that it has completed. It just sits on the same screen that that says Click Here for Patch.

If I repeat it- it goes thru the same cycle again.

Did the programmers forget to include a final thank-you screen? like everyone else does in this computing world of ours ???
Posted by ttodd0450 (15 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.