If you use the RealPlayer on Internet Explorer, watch out. Researcher Elazar Broad has posted to the Full Disclosure mailing list a so-called heap overflow vulnerability that makes it possible for an attacker to modify heap blocks after they are freed and overwrite certain registers. This could allow code execution on a compromised machine. The vulnerability affects all versions of RealPlayer running under Internet Explorer.
Exploit code for this flaw has not yet been made public.
Without a patch from RealPlayer, security experts recommend disabling the killbit for the following ActiveX ClassIDs:
- 2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93
- CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA
To avoid the loss of functionality, security experts recommend using RealPlayer in a browser that doesn't support ActiveX, such as Mozilla Firefox (for Windows and Mac).
To address a security hole being exploited by hackers, RealNetworks has issued a security fix for the Windows versions of RealOne Player, RealOne Player version 2, RealPlayer 10.5 and RealPlayer 11 beta. The Windows versions of RealPlayer 8 and earlier versions of RealNetworks are not vulnerable. Linux and Macintosh versions of RealPlayer are also not affected.
The attack targets an ActiveX object installed by RealPlayer, and affects how that object interacts with the Internet Explorer browser. The exploit, if executed, can corrupt process memory and execute arbitrary code.
Affected users should upgrade to RealPlayer 10.5 or RealPlayer 11 beta and install the the latest patch, which was released Friday.
The new RealPlayer allows you to download embedded video content right from your browser.
(Credit: Real Networks)Real Networks has announced a new version of their RealPlayer today that will be available as a PC-only public Beta in June. The player allows users to download and organize nearly all embedded internet video content (Flash, WMV, QuickTime) including content from popular video sites like YouTube, Comedy Central, and of course, CNET. The player was demonstrated for me and actually looks pretty impressive. The new video download feature integrates fairly elegantly into your Web browser (yes, it works on Firefox). It works by temporarily displaying a small, fairly unobtrusive download tab in the right top corner of any video content it detects on a given Web page. It's even able to record streaming internet video in real time.
It looks like a great improvement over the slow, intrusive RealPlayer I remember. One feature it lacks, however, is the ability to export your downloaded video content to an iPod-compatible format. You can, however, use RealPlayer to burn your downloaded videos to CD, and if you pony up some money for RealPlayer Plus, they give the ability to burn video content to DVD. Some small improvements have also been made to speed up the load time of the application and cut out many of the annoying installation questions.
- prev
- 1
- next
