Eleven vulnerabilities in RealPlayer fixed
Updates for the various versions of RealPlayer from vendor RealNetworks fix eleven buffer and heap overflows. The vulnerabilities could be exploited to infect a victim's PC with malicious code. Reportedly, users could become infected merely by using the player to open a specially crafted GIF image or skin. Not all of the eleven vulnerabilities are present in all products, but are spread across Helix Player 1.x and 11.x, RealPlayer 10.x and 11.x, RealPlayer Enterprise 1.x and RealPlayer SP 1.x, in each case under Windows, Mac OS X and Linux.
Since the proprietary RealMedia format is now barely used, as an alternative to installing the update, users might wish to simply uninstall RealPlayer completely. While few users still have RealPlayer installed, those who do mostly have vulnerable versions, as has been recently demonstrated by The H's update check. During roughly 140,000 tests over a 30 day period, update check registered around 7,300 installed copies of RealPlayer versions 10.x and 11.x, of which more than 80% were vulnerable.
- RealNetworks, Inc. Releases Update to Address Security Vulnerabilities, security advisory from Real.
- The H Update Check, a feature from The H.