RealNetworks warns of media player security flaws

RealNetworks Inc.’s media player software contains vulnerabilities that could let an attacker take control of a PC on which the software is used to download multimedia files, the company confirmed this week.

Corrupt files posing as normal music and video files could allow an attacker to gain control of the downloader’s computer, although RealNetworks stressed in a statement that, as far as it is aware, this has not yet happened.

There are three vulnerabilities: files could be created that will open a Web site on the user’s browser, from where remote Javascript can be operated, files could be created that let the attacker download and use their code on a user’s machine, or media files can be created that will create buffer overrun errors.

The problems have been fixed, and users are advised to download updates from the company’s site, it said.

The affected software is: RealOne Player, RealOne Player v2 for Windows only (all languages), RealOne Player 8, RealPlayer 10 Beta (English only) and RealOne Enterprise Desktop or RealPlayer Enterprise (all versions, standalone and as configured by the RealOne Desktop Manager or RealPlayer Enterprise Manager).

The vulnerabilities were discovered in December by Next Generation Security Software Ltd. (NGSS), in Sutton, England. RealNetworks responded reasonably quickly to the discovery, a spokesperson for NGSS said. “Some vendors take up to a year,” he said.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now