RealNetworks issues advisory for more critical flaws

By SearchSecurity.com Staff 26 Oct 2007 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

RealNetworks Inc. has released a second round of updates in less than a week for critical vulnerabilities in its RealPlayer, RealOne and HelixPlayer that could be exploited by an attacker to gain access to a system.

The second round expands the scope if the first advisory, addressing a different flaw in the way the players handle media files. Last week, the Seattle-based digital entertainment services vendor confirmed that attackers could exploit versions 10.5 and 11 beta of its popular media player to run malicious code on targeted machines.

This time versions 10.5 and earlier are affected, RealNetworks said in its updated advisory.

The problem is with boundary errors occurring when the players attempt to play various media files. An attack could be carried out when the victim visits malicious Web sites with Microsoft's Internet Explorer Web browser.

"We have received no reports of any machines actually compromised as a result of the now-remedied vulnerabilities," RealNetworks said.

Danish vulnerability clearinghouse Secunia rated the flaw "highly critical," since an exploit can be carried out remotely.

Tags: Web Application Security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Web Application Security Twitter settles with FTC over security issues, careless policies Report: Google to phase out Windows, cites security issues New tool enables botnet command and control via Twitter Symantec Internet threat report highlights botnet, malware trends Researchers aim to smarten Web application security scanners Security-related social networking issues abound in organisations New cloud VPN service improves application acceleration, security New banking Trojan targets U.K. banks Social networking risks, benefits for enterprises weighed by RSA panel How to prevent Adobe hacks from affecting your organisation

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Serious Organized Crime Agency  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary