Realnetworks Warns Of Media Player Flaws

[Lord_of_the_Dense]

RealNetworks' media player software contains vulnerabilities that could let an attacker take control of a PC on which the software is used to download multimedia files, the company confirms.

Corrupt files posing as normal music and video files could allow an attacker to gain control of the downloader's computer, the company says. However, RealNetworks stresses in a statement that, as far as it is aware, this has not yet happened.

There are three vulnerabilities: files could be created that will open a Web site on the user's browser, from where remote javascript can be operated; files could be created that let the attacker download and use their code on a user's machine; or media files can be created that will create buffer overrun errors.

Updates Available

The problems have been fixed, and users are advised to download updates from the company's site, it says.

The affected software is: RealOne Player, RealOne Player v2 for Windows only (all languages), RealOne Player 8, RealPlayer 10 Beta (English only), and RealOne Enterprise Desktop or RealPlayer Enterprise (all versions, standalone and as configured by the RealOne Desktop Manager or RealPlayer Enterprise Manager).

The vulnerabilities were discovered in December by Next Generation Security Software (NGSS), in Sutton, England. RealNetworks responded reasonably quickly to the discovery, a spokesperson for NGSS says.

"Some vendors take up to a year," he says.

Source: Yahoo News

[Shawn]

Good for them.

I don't use realplayer, but I'm willing to encourage any software company to try and look after their product with some expediency. Unlike some other company.

[DudeAsInCool]

Pretty honorable to announce their own deficiences and to try and correct them. RealPlayer has gotten better over time... (But as a Macster, I use ITunes)

[InXeo]

Cheers for the Heads Up.

Im going to spread the news.

Yeah it was.. a lot of companys would've just sat there and not said anything.

Well Done RealNetworks. :D

[cube]

naw naw, real is a bitch of a company...

they purposely had these exploits in so they could do "market research",

they control lots of spyware companies in america, and are a hazard to your pc...

REALNETWORKS SUCK PEEN