Tech Support Guy banner
Status
Not open for further replies.
1 - 2 of 2 Posts

·
Super Moderator
Joined
·
37,798 Posts
Discussion Starter · #1 ·
Hiya

RealNetworks, Inc. has addressed recently discovered security vulnerabilities that offered the potential for an attacker to run arbitrary or malicious code on a customer's machine. RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities. RealNetworks takes all security vulnerabilities very seriously.

The specific exploits were:

Exploit 1: To fashion a malicious MP3 file to allow the overwriting of a local file or execution of an ActiveX control on a customer's machine.
Exploit 2: To fashion a malicious RealMedia file which uses RealText to cause a heap overflow to allow an attacker to execute arbitrary code on a customer's machine.
Exploit 3: To fashion a malicious AVI file to cause a buffer overflow to allow an attacker to execute arbitrary code on a customer's machine.
Exploit 4: Using default settings of earlier Internet Explorer browsers, a malicious website could cause a local HTML file to be created and then trigger an RM file to play which would then reference this local HTML file.

Affected Software:

RealPlayer 10.5 (6.0.12.1040-1069)
RealPlayer 10
RealOne Player v2
RealOne Player v1
RealPlayer 8
RealPlayer Enterprise
Rhapsody 3 (build 0.815 - 0.1006)
Mac RealPlayer 10 (10.0.0.305 - 331)
Mac RealOne Player
Linux RealPlayer 10 (10.0.0 - 4)
Helix Player (10.0.0 - 4)



http://service.real.com/help/faq/security/050623_player/EN/

Regards

eddie
 
1 - 2 of 2 Posts
Status
Not open for further replies.
Top