Real security problems for RealNetworks
Real security problems for RealNetworks
RealNetworks, whose Internet media viewing products are used by over 200 million people worldwide, has recommended users of a number of versions of its RealOne Player and RealPlayer to upgrade in order to stave off the threat of a serious security flaw.
Given the massive user base of RealNetworks, the vulnerability is very serious, as an attacker could potentially execute code on a user's machine.
The issue affects the following versions: RealOne Player (English), RealOne Player version 2 (all languages), RealPlayer 10 (English, German and Japanese), RealPlayer 8 (all languages), and RealPlayer Enterprise (all versions, standalone and as configured by the RealPlayer Enterprise Manager).
"While we have not received reports of anyone actually being attacked with this exploit, all security vulnerabilities are taken very seriously by RealNetworks. We have found and fixed this problem," stated the company on its website.
U.K.-based NGS Software, which design, research and develop application security assessment scanners, discovered the vulnerabilities and issued the following advisory to users:
"By crafting a malformed .RA, .RM, .RV or .RMJ file, it possible to cause heap corruption that can lead to execution of arbitrary code. By forcing a browser or enticing a user to a website containing such a file, arbitrary attacker supplied code could be executed on the target machine. This code will run in the security context of the logged on user. Another attacker vector is via an e-mail attachment. NGS researchers have created reliable exploits to take advantage of these issues. Due to the ease of exploitation, these vulnerabilities should be considered as high risk and customers are urged to update their players as soon as is possible."
Related Article: