14 DAY TRIAL // RealPlayer is the latest software affected by a critical vulnerability, a successful exploitation being able to give the attackers the possibility to control an affected system. According to the French Security Incident Response Team, this flaw was discovered on June 26, 2006 when it only affected RealPlayer 10.x but the reports are again brought in the spotlights due to new affected flavors of the application. According to InfoWorld, the flaw now targets RealPlayer 10.5 gold and even the 11 beta edition, all of them for the Windows operating system. It's not clear if the hole also affects Linux or Mac users but the security experts stated that this is possible.
"A vulnerability has been identified in RealNetworks RealPlayer and HelixPlayer, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system," FrSIRT wrote in the advisory.
"This issue is caused by a buffer overflow error in the "SmilTimeValue::parseWallClockValue()" function when handling time formats, which could be exploited by remote attackers to crash an affected application or execute arbitrary code by tricking a user into opening a specially crafted SMIL file or visiting a malicious web page."
Security company Symantec confirmed the reports according to the source mentioned above and it sustained it didn't receive any piece of news concerning a successful exploitation of the flaw. The RealPlayer developers didn't comment on the reports so we're still waiting for a solution to patch the flaw.
It appears that attackers who want to exploit the glitch have to direct users to a malicious website which attempts to install a dangerous file on visitors' computers. Because RealPlayer is not able to handle the content, the attackers can start the exploitation, invade users' computers and access their data in no time.