Gaming News

Real Player under Attack

By Ulf Mar 2, 2005, 17:06 GMT

The latest version of the Real Player from RealNetworks contains two serious security holes.

Prepared .WAV or .SMIL files can cause a buffer overflow which enables an aggressor to upload code on the user's desktop, which is executed when the user opens the files.
Files which have been prepared like this can be transferred via email or download.

The versions affected are :
For  Windows RealPlayer 10.x, RealOne Player v2 / v1, RealPlayer 8 and RealPlayer Enterprise. The fixed version is RealPlayer 10.5 (6.0.12.1059).

For Mac OS the weak spots are found in the RealPlayer 10 and RealOne Player. In version 10 (10.0.0.331) the mistake is removed.

For Linux the RealPlayer 10 and the Helix Player are affected. No fixed versions are available for this.

The Player for Symbian and PalmOS are not concerned by the weak spots.

RealNetworks classifies the security gaps as critical and recommends all users to install the available updates. Under Windows and Mac OS the update function of the Player can be used.

More info here.



FROM THE WEB

Further Reading on M&C

COMMENT

comments powered by Disqus

Latest Headlines on M&C

Follow Us

Follow M&C on Pinterest

Search

Custom Search

More

Latest on M&C

.