Version: 2008
  • On The Insider: Britney's Bikini-Clad Top 10
advertisementGet Smart about Business Spending

June 23, 2005 5:44 PM PDT

RealNetworks plugs security holes in player

By Joris Evers
Staff Writer, CNET News

  • 2 comments
Related Stories

RealNetworks fixes 'highly critical' flaw

 April 21, 2005

Security patches issued for RealPlayers

 March 3, 2005
Several security holes in RealNetworks' widely used media player software could put PCs at risk of attack, the company has warned.

Four vulnerabilities in RealPlayer have been discovered, the most serious of which could allow an intruder to gain control of a computer, RealNetworks said in a security advisory posted Thursday. Software updates are now available to plug the holes, the company said.

Security experts from the French Security Incident Response Team, or FrSIRT, labeled the problems as "critical"--the highest rating--in an alert issued Thursday.

The problems exist in current and some older releases of RealPlayer, and they affect versions for Windows as well as Mac OS and Linux, RealNetworks said. In addition, one of the newly patched bugs also is found in Rhapsody 3, the software used in RealNetworks' music service.

Three of the four flaws could be exploited using a malicious media file, RealNetworks said. Specially crafted RealMedia and AVI files could allow an attacker to take over a user's computer, while a malicious MP3 file could be used to overwrite local files or execute ActiveX controls, it said.

To take advantage of the fourth flaw, a hacker would need to build a malicious Web site. However, the attack would require the user to be running earlier versions of Internet Explorer with standard settings on the computer, RealNetworks said.

RealNetworks' updates are available in its advisory for all affected products and recommends that people install the newer versions.

See more CNET content tagged:
RealNetworks Inc., security hole, RealNetworks RealPlayer, media player, security

Add a Comment (Log in or register)
They Are Always Patching This #$%^&#
by Stating June 23, 2005 9:48 PM PDT
Like, every other month they issue patches for ReekPlayer. What is wrong with this company? They've only got one small app to take care of and they can't even manage that. And what is with their hokey player that forces me to login every time I use it to get the full 10 band equalizer, for which I have paid? Can't they just set the registry to record the license and give me the full feature set automatically? This company is so dumb they deserve to go out of business.
Reply to this comment
What do you know ????????
by Earl Benser June 26, 2005 5:26 AM PDT
I wasn't sure that Real was still around - other than CNET's
insistance on using this defective service for videos.

I haven't even seen a .rm file in many months - but there have been
multitudes of .mpg, .mov, .avi, etc. files. Sort of made me think
that Real had vaporized when no one was looking.

Too bad. That's what they should do....
Reply to this comment
advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets

Market news, charts, SEC filings, and more

Related quotes

RealNetworks (0.00%) 0.00 3.43
Dow Jones Industrials (0.00%) 0.00 10,318.16
S&P 500 (0.00%) 0.00 1,091.38
NASDAQ (0.00%) 0.00 2,146.04
CNET TECH (0.00%) 0.00 1,577.23
  Symbol Lookup
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET