Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Security / Advisories

Advisories

Real News: RealPlayer Harmed by Real Flaw!

Critical vulnerability in Real Player

By Bogdan Popa, Security and Search Engines Editor

19th of October 2007, 10:38 GMT

Adjust text size:


RealPlayer
Enlarge picture
RealPlayer is the latest software affected by a critical vulnerability, a successful exploitation being able to give the attackers the possibility to control an affected system. According to the French Security Incident Response Team, this flaw
was discovered on June 26, 2006 when it only affected RealPlayer 10.x but the reports are again brought in the spotlights due to new affected flavors of the application. According to InfoWorld, the flaw now targets RealPlayer 10.5 gold and even the 11 beta edition, all of them for the Windows operating system. It's not clear if the hole also affects Linux or Mac users but the security experts stated that this is possible.

"A vulnerability has been identified in RealNetworks RealPlayer and HelixPlayer, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system," FrSIRT wrote in the advisory.

"This issue is caused by a buffer overflow error in the "SmilTimeValue::parseWallClockValue()" function when handling time formats, which could be exploited by remote attackers to crash an affected application or execute arbitrary code by tricking a user into opening a specially crafted SMIL file or visiting a malicious web page."

Security company Symantec confirmed the reports according to the source mentioned above and it sustained it didn't receive any piece of news concerning a successful exploitation of the flaw. The RealPlayer developers didn't comment on the reports so we're still waiting for a solution to patch the flaw.

It appears that attackers who want to exploit the glitch have to direct users to a malicious website which attempts to install a dangerous file on visitors' computers. Because RealPlayer is not able to handle the content, the attackers can start the exploitation, invade users' computers and access their data in no time.

TAGS:

 realplayer | security | flaw | vulnerability


Rating:
Fair (2.7/5) 7 vote(s) so far    

Read by 708 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


RealNetworks solves Real Player bugs

RealPlayer to Bring YouTube Ripping

RealPlayer: First, It Was a YouTube Partner. Now, It's a Rival!

Google Pack Could Offer More Free Software for Download

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive