In association with heise online

26 October 2007, 13:37

RealNetworks closes several security holes

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

With updated versions of RealPlayer, RealOne Player and Helix Player, RealNetworks resolves several critical vulnerabilities which allow attackers to use specially crafted media files to inject and execute malicious code on computers. The crafted files can be deployed on web pages or by email.

According to Real's advisory, attackers can use specially crafted mp3, rm, SMIL, swf, ram and pls media files to cause buffer overflows and execute malicious code by manipulating the application's stack and heap. Security expert Piotr Bania has released more detailed advisories about the flawed processing of .mov files. He describes how attackers can use specially crafted files to manipulate the application's heap and cause memory corruption, gaining access to the processor's instruction pointer, through which they can execute the injected code.

Numerous versions of the Player software for Windows, Mac OS X and Linux are affected. RealNetworks has released updates for download and advises users to install them at their earliest convenience.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit