The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    RealPlayer haunted by 11 critical vulnerabilities

    Discussion in 'Security and Anti-Virus Software' started by Tinderbox (UK), Jan 26, 2010.

  1. Tinderbox (UK)

    Tinderbox (UK) BAKED BEAN KING

    http://blogs.zdnet.com/security/?p=5344&tag=trunk;content

    A quick heads-up to any computer users out with RealPlayer installed: There are at least 11 critical vulnerabilities that expose Windows, Mac and Linux users to malicious hacker attacks.

    RealNetworks released an advisory to warn of the vulnerabilities, which could be exploited via rigged image and media files to launch remote code execution attacks.
    The vulnerabilities also affect some versions of the Helix Player for Linux.


    Here are the details from the RealNetworks alert:

    A heap overflow error when processing a malformed ASM Rulebook, which could be exploited to execute arbitrary code.
    A heap overflow error when processing a malformed GIF file, which could be exploited to execute arbitrary code.
    A buffer overflow error when processing a malformed media file, which could be exploited to execute arbitrary code.
    A buffer overflow error when processing a malformed IVR file, which could be exploited to execute arbitrary code.
    A heap overflow error when processing a malformed IVR file, which could be exploited to execute arbitrary code.
    A heap overflow error related to the SIPR Codec, which could be exploited to execute arbitrary code.
    A heap overflow error when processing a malformed compressed GIF, which could be exploited to execute arbitrary code.
    A heap overflow error when parsing a malformed SMIL file, which could be exploited to execute arbitrary code.
    A heap overflow error when parsing a malformed Skin, which could be exploited to execute arbitrary code.
    An array overflow error when parsing a malformed ASM RuleBook, which could be exploited to execute arbitrary code.
    A buffer overflow error related to rtsp “set_parameter” method, which could be exploited to execute arbitrary code.

    RealPlayer is a favorite target for malware writers and fraudware purveyors who rig exploits into Web pages to launch drive-by download attacks. This should be treated as a critical update for all RealPlayer users. If you don’t use the software, you are best advised to uninstall it immediately.
     
  2. DetlevCM

    DetlevCM Notebook Nobel Laureate

    Doesn't surprise me... in the long run I have personally always found the programme to be plenty of trouble....
     
  3. Padmé

    Padmé NBR Super Pink Princess

    I used it for several years until I started reading about too many vulnerabilities in it.
     
  4. Alexrose1uk

    Alexrose1uk Music, Media, Game

    Gotta say I HATE RealPlayer, have done since I first saw it installed as bloat in the 90s. It does nothing WMP doesn't and is a waste of space, I wouldn't even say the codec is that great, on top it's a PITA to remove sometimes, I consider it more a virus than iTunes, which is already bad enough at poking its nose where you don't want it!