RealPlayer update closes critical holes
RealNetworks has released an update to RealPlayer to close a number of holes in its media player application. Version 15.02.71 of RealPlayer addresses a total of seven remote code execution vulnerabilities, rated as highly critical by Secunia, which could be exploited by an attacker to compromise a victim's system.
These include errors when processing RMFF Flags, VIDOBJ_START_CODE and RealAudio coded_frame_size, as well as RV10 Encoded Height/Width, RV20 Frame Size Array and RV40 content. A remote code execution problem in Atrac Sample Decoding has also been fixed but is not found in the 15.x.x branch of the media player; this issue affects Mac RealPlayer 184.108.40.2061 but is reportedly not found in version 220.127.116.113.
The company notes that it has "received no reports of any machines actually being compromised as a result of the now-remedied vulnerabilities". Further details about these security bugs are not provided.
Versions 11.0 to 11.1, 14.0.0 to 14.0.7 and 15.0.0 to 18.104.22.168, as well as RealPlayer SP 1.0 to 1.1.5 are affected. The company advises all users to upgrade to the current version. RealPlayer 15.02.71 is available to download for Windows XP, Vista and Windows 7 from the company's web site.
- RealNetworks, Inc. Releases Update to Address Security Vulnerabilities, a security advisory from RealNetworks.