Security patches issued for RealPlayers

RealNetworks has released patches for its audio-video players in an effort to prevent attacks via buffer overflows.

RealNetwork's patches, released Tuesday, address vulnerabilities in the software that could allow an attacker to run arbitrary or malicious code on a person's computer when a malicious WAV or SMIL file is processed.

Secunia, a security information company, rated the vulnerabilities as critical.

The company released updates for flaws in the Mac RealPlayer 10 and for several Windows players, including RealPlayer 10.5, RealPlayer 10, RealPlayer Enterprise and certain versions of RealOne Player v2.

Upgrades are required for Windows players RealOne Player v1, RealPlayer 8 and certain versions of RealOne Player v2. Upgrades are also needed for the Mac RealOne Player, Linux RealPlayer 10, and the Helix Player for Linux.

Another flaw was discovered in the players in October. That vulnerability could have allowed an attacker to create fake movie files that would run a program on victims' computers.

[Bill Dautrive]

Sad

It is sad that 'professional' programmers can still write code that can be abused by buffer overruns. Avoiding them is a simple matter of paying attention to what you are doing.

[bobby_brady]

Does anyone use Realplayer anymore?

I forgot all about this software until I read the headlines.

real in linux

for those of us with linux, I know I use real player to see streaming media online. thanks to cnet for giving us the choice to use real instead of M$ formats