RealNetworks Advises Users To Patch RealPlayer
Critical bugs in RealNetworks' RealPlayer could let hackers hijack Windows, Mac, and Linux systems, security firms warned Tuesday.
Source: http://www.techweb.com/wire/security/60404772Several editions of RealNetworks' popular media player are at risk from a pair of vulnerabilities, said Danish security firm Secunia, that could allow attackers to compromise machines with specially-crafted .wav and/or .smil, a file type that supports multimedia streaming protocols.
iDefense, a Reston, Va.-based security intelligence firm, discovered the .smil vulnerability, and posted its own warning, along with demonstration code for an exploit that would cause a buffer overflow on the target machine. According to iDefense's researchers, an attacker could e-mail a corrupt .smil file to a user, or place one on a Web site, then entice people to that URL.
"In default installations of RealPlayer under Windows, Internet Explorer will not prompt the user for an action when encountering a .smil file," said iDefense's alert. "It will open it without delay, thus allowing a more effective method of exploitation."
0
Comments