Targeted at three vulnerabilities found in Windows, Mac and Linux versions of RealPlayer

Nov 14, 2005 16:47 GMT

At the end of last week, RealNetworks published a security patch to fix three vulnerabilities considered critical. If exploited, these flaws could have allowed an attacker to run executable code remotely and take control of the system.

RealNetworks announced that the update addresses flaws found in the Windows editions of RealPlayer 10.5 and RealPlayer 10, RealOne Player v2 and v1, RealPlayer 8 and RealPlayer Enterprise. The vulnerabilities were also found in the Mac version of RealPlayer 10, and Linux is affected as well: the vulnerability is also present in the Linux-compatible editions of RealPlayer 10 and Helix Player.

One of the vulnerabilities allowed an attacker to trigger a buffer overflow via a modified .rm file. Once the overflow was triggered, the attacker could run arbitrary code on that system and take it over.

A second vulnerability could allow a buffer overrun to occur in a third-party compression library, a component within RealPlayer used to decompress skin files. A skin is used to change the look of an application, in this case RealPlayer.

The last flaw in RealPlayer involved a compressed, or zipped, skin file that could lead to a buffer overflow, letting an attacker remotely execute code and take over a user's computer.

RealNetworks said that it had so far received no reports of infection from users, despite these vulnerabilities being considered critical.