In association with heise online

22 January 2010, 12:22

Eleven vulnerabilities in RealPlayer fixed


Updates for the various versions of RealPlayer from vendor RealNetworks fix eleven buffer and heap overflows. The vulnerabilities could be exploited to infect a victim's PC with malicious code. Reportedly, users could become infected merely by using the player to open a specially crafted GIF image or skin. Not all of the eleven vulnerabilities are present in every product; they are spread across Helix Player 1.x and 11.x, RealPlayer 10.x and 11.x, RealPlayer Enterprise 1.x and RealPlayer SP 1.x, in each case under Windows, Mac OS X and Linux.

Since the proprietary RealMedia format is now barely used, users might wish to simply uninstall RealPlayer completely as an alternative to installing the update. While few users still have RealPlayer installed, those who do mostly have vulnerable versions, as has been recently demonstrated by The H's update check. During roughly 140,000 tests over a 30-day period, the update check registered around 7,300 installed copies of RealPlayer versions 10.x and 11.x, of which more than 80% were vulnerable.
