In association with heise online

28 January 2011, 15:39

Security update for RealPlayer

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

RealNetworks has released an update for RealPlayer that eliminates a security vulnerability related to the parsing of AVI files. According to a security bulletin on the Zero Day Initiative web site, a buffer overflow occurs in vidplin.dll. Prepared file headers can be used to inject and execute code.

RealPlayer for Windows 11.0 to 11.1, 14.0.0 and 14.0.1 are reportedly affected, as is RealPlayer SP 1.0 to 1.1.5. In version 14.0.2 the gap is closed. Alternatively, the best update may be to remove RealPlayer entirely from the computer, because the proprietary RealMedia format is now rarely used. Most online video is now distributed using Flash.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit