RealNetworks released a patch earlier this week for a “highly critical” security flaw discovered by Piotr Bania during a security audit of RealPlayer and reported to security firm Secunia.
Bania told TechNewsWorld that leaving the hole unpatched could lead to serious problems.
No Known Exploits
“At the time of this writing I have not come across an exploit in the wild, however, it is too early to say that an exploit will not be published in the near future,” he said. “The risk is high and based on my experience I can see hackers exploiting this to their advantage. Whether it will be single incidents or a mass pandemic will be apparent in the coming days or weeks.”
Attempts to reach RealNetworks were unsuccessful, but the company said on its Web site that it had not heard of any problems relating to this flaw.
The vulnerability exists in almost all the versions of RealPlayer and RealOne for Windows, Mac operating systems and Linux, including Helix Player.
The patch can be downloaded from the RealNetworks site, or by going to the tools menu, clicking “check for updates,” selecting “Security Update – April 2005” and installing.
If exploited, the buffer overflow fault could allow hackers to run their own code on RealPlayer users’ computers. Bania said the problem is not uncommon.
“Current news from the bug-traq lists and other security portals indicate that vulnerabilities occur often and not only in RealNetworks products. As an example we can examine the number of vulnerabilities published in Microsoft’s April Security Bulletins. Based on my experience I cannot rule out that similar vulnerabilities will not occur in the future,” he said.
Buffer overflow faults have also been found and fixed in the Mozilla Firefox browser, Windows Media Player, Mac’s iSync and other popular software.