RealNetworks patches four critical bugs in multimedia player
RealNetworks has issued four critical patches for several versions of its RealPlayer running on Windows, Linux and Apple's Mac OS X.
The flaws could allow a hacker to run malicious code on a PC or cause the computer to reveal information, according to an advisory from Secunia, a security vendor based in Denmark.
RealPlayer is an application that plays audio and video streamed over the Internet.
RealNetworks has published a table detailing which vulnerabilities affect certain player versions on the different platforms. Some users will need to download an entire new version of the application, while others may be able to just download patches.
One of the problems involves the handling of frames in SWF (Shockwave Flash) files due to a design error, which can cause a heap-based buffer overflow, Secunia said.
Another problem causes a stack-based buffer overflow when a media file is imported using an ActiveX control, Microsoft's technology that adds extra functionality to Web pages.
A third flaw is described by RealPlayer as allowing local resources to be accessed. The fourth also involves ActiveX, where a timing issue with "Controls", "Console", or "WindowName" properties can be maliciously manipulated to corrupt RealPlayer's memory, Secunia said.
Secunia ranked the flaws as "highly critical," the vendor's second-highest ranking of risk. The flaws were found by Peter Vreugdenhil, Elazar Broad, Dyon Balding of Secunia and another anonymous researcher, Secunia said.
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
RealNetworks
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
