RealNetworks patches four critical bugs in multimedia player
RealNetworks has issued four critical patches for several versions of its RealPlayer running on Windows, Linux and Apple's Mac OS X.
The flaws could allow a hacker to run malicious code on a PC or cause the computer to reveal information, according to an advisory from Secunia, a security vendor based in Denmark.
RealPlayer is an application that plays audio and video streamed over the Internet.
RealNetworks has published a table detailing which vulnerabilities affect certain player versions on the different platforms. Some users will need to download an entire new version of the application, while others may be able to just download patches.
One of the problems involves the handling of frames in SWF (Shockwave Flash) files due to a design error, which can cause a heap-based buffer overflow, Secunia said.
Another problem causes a stack-based buffer overflow when a media file is imported using an ActiveX control, Microsoft's technology that adds extra functionality to Web pages.
A third flaw is described by RealPlayer as allowing local resources to be accessed. The fourth also involves ActiveX, where a timing issue with "Controls", "Console", or "WindowName" properties can be maliciously manipulated to corrupt RealPlayer's memory, Secunia said.
Secunia ranked the flaws as "highly critical," the vendor's second-highest ranking of risk. The flaws were found by Peter Vreugdenhil, Elazar Broad, Dyon Balding of Secunia and another anonymous researcher, Secunia said.
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
RealNetworks
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
