Security update for RealPlayer
RealNetworks has released an update for RealPlayer that eliminates a security vulnerability related to the parsing of AVI files. According to a security bulletin on the Zero Day Initiative web site, a buffer overflow occurs in vidplin.dll. Prepared file headers can be used to inject and execute code.
RealPlayer for Windows 11.0 to 11.1, 14.0.0 and 14.0.1 are reportedly affected, as is RealPlayer SP 1.0 to 1.1.5. In version 14.0.2 the gap is closed. Alternatively, the best update may be to remove RealPlayer entirely from the computer, because the proprietary RealMedia format is now rarely used. Most online video is now distributed using Flash.
See also:
- RealNetworks Releases Update to Address Security Vulnerabilities, security advisory from RealNetworks.
(trk)