In association with heise online

23 March 2011, 10:24

Security flaw in RealPlayer

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Real Player For the time being, users of RealPlayer should be careful to check the origin of files in the "Internet Video Recording" before playing them. A heap buffer overflow that occurs when the file is parsed allows attackers to inject and execute code locally. Because RealPlayer also runs as a browser plug-in, all users need to do is visit a specially crafted website to infect their PC.

According to Luigi Auriemma, who discovered the vulnerability, the hole is in the Windows version of RealPlayer, though previous versions and other platforms such as Linux and Mac OS X are also likely to be affected. There is no update or patch, and Real probably only recently found out about the problem because Auriemma generally does not inform vendors in advance, but publishes his reports without contacting them.

As a workaround, users can disable or remove the plug-in and/or the ActiveX control in their browser. While RealPlayer not only plays RealMedia, but also many other formats, users can also switch to a wide range of other media players.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit