Real Player Problems


Real Player LogoReal Networks has issued a bulletin and patches for a recent string of vulnerabilities. The vulnerabilities are:

  • Exploit 1: To fashion a malicious MP3 file to allow the overwriting of a local file or execution of an ActiveX control on a customer’s machine.
  • Exploit 2: To fashion a malicious RealMedia file which uses RealText to cause a heap overflow to allow an attacker to execute arbitrary code on a customer’s machine.
  • Exploit 3: To fashion a malicious AVI file to cause a buffer overflow to allow an attacker to execute arbitrary code on a customer’s machine.

  • Exploit 4: Using default settings of earlier Internet Explorer browsers, a malicious website could cause a local HTML file to be created and then trigger an RM file to play which would then reference this local HTML file.

    • The vulnerabilites exist with numerous versions of realplayer on various operating systems. Update your realplayer to address these security problems. The vulnerabilities could allow a remote attacker to run malicious code on your machine.

    Related Posts:

    • No Related Posts

    4 Responses to Real Player Problems

    1. imhomeless
      June 27, 2005 at 10:21 pm

      so what platform does it affect?

    2. Administrator
      June 28, 2005 at 9:01 am

      thanks for stopping by imhomeless. sorry for neglecting to insert the hyperlink to the bulletin. i updated it to include it – that should help!

    3. Joe Anderson
      June 28, 2005 at 2:53 pm

      I don’t use Real apart from when I have to!

    4. DON FERGUSON
      December 21, 2006 at 7:14 am

      wE got patchy sound cuts in and out

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    *

    You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>