RealNetworks says some of its players have ‘Security Vulnerabilities’ that could “potentially allow an attacker to run arbitrary code on a user’s machine”.

Put another way, if you’re running a suspect version, someone could hack your PC and take control unless you implement the appropropriate fix, which you’ll find here.

Affected are:

RealOne Player, RealOne Player v2 for Windows only (all languages), RealPlayer 10 Beta (English only) and RealOne Enterprise Desktop or RealPlayer Enterprise (all versions, standalone and as configured by the RealOne Desktop Manager or RealPlayer Enterprise Manager) - Exploit 1.

RealOne Player, RealOne Player v2 (all language versions, all platforms), and RealOne Enterprise Desktop or RealPlayer Enterprise (all versions, standalone and as configured by the RealOne Desktop Manager or RealPlayer Enterprise Manager) - Exploit 2.

RealOne Player and RealPlayer 8 (all language versions) - Exploit 3.

Exploit 1 allows exploiters to “operate remote Javascript from the domain of the URL opened by a SMIL file or other file”.

Exploit 2 allows exploiters to “fashion RMP files which allow an attacker to download and execute arbitrary code on a user’s machine”.

Exploit 3 allows exploiters to “fashion media files to create ‘Buffer Overrun’ errors”.

“While we have not received reports of anyone actually being attacked with this exploit, all security vulnerabilities are taken very seriously by RealNetworks,” says the company.

This entry was posted on Saturday, February 7th, 2004 at 8:50 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 1706 times