By Susan B. Shor TechNewsWorld
04/22/05 11:26 AM PT
RealNetworks (Nasdaq: RNWK) released a patch earlier this week for a "highly critical" security flaw discovered by Piotr Bania during a security audit of RealPlayer and reported to security firm Secunia.
Bania told TechNewsWorld that leaving the hole unpatched could lead to serious problems.
No Known Exploits
"At the time of this writing I have not come across an exploit in the wild, however, it is too early to say that an exploit will not be published in the near future," he said. "The risk is high and based on my experience I can see hackers exploiting this to their advantage. Whether it will be single incidents or a mass pandemic will be apparent in the coming days or weeks."
Attempts to reach RealNetworks were unsuccessful, but the company said on its Web site that it had not heard of any problems relating to this flaw.
The vulnerability exists in almost all the versions of RealPlayer and RealOne for Windows, Mac operating systems and Linux, including Helix Player.
The patch can be downloaded from the RealNetworks site, or by going to the tools menu, clicking "check for updates," selecting "Security Update - April 2005" and installing.
Hacker Code
If exploited, the buffer overflow fault could allow hackers to run their own code on RealPlayer users' computers. Bania said the problem is not uncommon.
"Current news from the bug-traq lists and other security portals indicate that vulnerabilities occur often and not only in RealNetworks products. As an example we can examine the number of vulnerabilities published in Microsoft's (Nasdaq: MSFT) April Security Bulletins. Based on my experience I cannot rule out that similar vulnerabilities will not occur in the future," he said.
Buffer overflow faults have also been found and fixed in the Mozilla Firefox browser, Windows Media Player, Mac's iSync and other popular software.