If geeks love it, we’re on it

RealNetworks Advises Users To Patch RealPlayer

RealNetworks Advises Users To Patch RealPlayer

Critical bugs in RealNetworks’ RealPlayer could let hackers hijack Windows, Mac, and Linux systems, security firms warned Tuesday.

Several editions of RealNetworks’ popular media player are at risk from a pair of vulnerabilities, said Danish security firm Secunia, that could allow attackers to compromise machines with specially-crafted .wav and/or .smil, a file type that supports multimedia streaming protocols.

iDefense, a Reston, Va.-based security intelligence firm, discovered the .smil vulnerability, and posted its own warning, along with demonstration code for an exploit that would cause a buffer overflow on the target machine. According to iDefense’s researchers, an attacker could e-mail a corrupt .smil file to a user, or place one on a Web site, then entice people to that URL.

“In default installations of RealPlayer under Windows, Internet Explorer will not prompt the user for an action when encountering a .smil file,” said iDefense’s alert. “It will open it without delay, thus allowing a more effective method of exploitation.”

Source: http://www.techweb.com/wire/security/60404772

Comments

  1. Armo
    Armo does the patch remove realplayer from your computer?

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!