http://blogs.zdnet.com/security/?p=5344&tag=trunk;content
A quick heads-up to any computer users out there with RealPlayer installed: There are at least 11 critical vulnerabilities that expose Windows, Mac and Linux users to malicious hacker attacks.
RealNetworks released an advisory to warn of the vulnerabilities, which could be exploited via rigged image and media files to launch remote code execution attacks.
The vulnerabilities also affect some versions of the Helix Player for Linux.
Here are the details from the RealNetworks alert:
A heap overflow error when processing a malformed ASM Rulebook, which could be exploited to execute arbitrary code.
A heap overflow error when processing a malformed GIF file, which could be exploited to execute arbitrary code.
A buffer overflow error when processing a malformed media file, which could be exploited to execute arbitrary code.
A buffer overflow error when processing a malformed IVR file, which could be exploited to execute arbitrary code.
A heap overflow error when processing a malformed IVR file, which could be exploited to execute arbitrary code.
A heap overflow error related to the SIPR Codec, which could be exploited to execute arbitrary code.
A heap overflow error when processing a malformed compressed GIF, which could be exploited to execute arbitrary code.
A heap overflow error when parsing a malformed SMIL file, which could be exploited to execute arbitrary code.
A heap overflow error when parsing a malformed Skin, which could be exploited to execute arbitrary code.
An array overflow error when parsing a malformed ASM RuleBook, which could be exploited to execute arbitrary code.
A buffer overflow error related to rtsp set_parameter method, which could be exploited to execute arbitrary code.
RealPlayer is a favorite target for malware writers and fraudware purveyors who rig exploits into Web pages to launch drive-by download attacks. This should be treated as a critical update for all RealPlayer users. If you don't use the software, you are best advised to uninstall it immediately.
-
Tinderbox (UK) BAKED BEAN KING
-
Doesn't surprise me... in the long run I have personally always found the programme to be plenty of trouble....
-
I used it for several years until I started reading about too many vulnerabilities in it.
-
Alexrose1uk Music, Media, Game
Gotta say I HATE RealPlayer, have done since I first saw it installed as bloat in the 90s. It does nothing WMP doesn't and is a waste of space, I wouldn't even say the codec is that great, on top it's a PITA to remove sometimes, I consider it more a virus than iTunes, which is already bad enough at poking its nose where you don't want it!
RealPlayer haunted by 11 critical vulnerabilities
Discussion in 'Security and Anti-Virus Software' started by Tinderbox (UK), Jan 26, 2010.