We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Security flaws found in RealPlayer

RealMedia files could be used to delete files from vulnerable PCs


EEye Digital Security has uncovered new security holes affecting a wide range of RealNetworks' media players, the latest desktop-based bugs set to worry IT managers. The flaws could be exploited via a malicious webpage or a RealMedia file run from a local drive to take over a user's system or delete files, according to RealNetworks.

Researchers have turned up a myriad of serious security flaws in client software over the past few weeks, and such bugs can be difficult to patch because of the sheer number of desktops in use. Recently vulnerabilities have been revealed in WinAmp, WinZip, and Apple Computer's iChat messaging program.

A vulnerability in the way Windows software decodes Jpeg images has already been exploited by specially crafted pictures.

RealPlayer itself was hit by serious bugs in February and June.
The most serious of the three new bugs involves malformed calls, and could be exploited via a player embedded in a malicious site to execute arbitrary code. This bug affects RealPlayer versions 10, 10.5, as well as RealOne Player v1 and v2 on Windows.

A second bug could also allow malicious code execution, but only via a local RM file, RealNetworks says. The bug affects several versions of RealPlayer and RealOne Player on Windows, Mac OSX and Linux.

The third bug allows a malicious website and malicious media files to delete files on a user's PC, if the attacker knows where the files are located. This bug affects RealPlayer versions 10 and 10.5, as well as RealOne Player v1 and v2 on Windows.

In an advisory, RealNetworks says it has received no reports of attacks using these vulnerabilities, but has issued patches for the affected software. Danish security firm Secunia gave the bugs a "highly critical" ranking.


IDG UK Sites

Windows 10 release date, price, features UK: Staggered release with PCs coming first this summer -...

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

MacBook Pro 15in preview: better battery life, faster storage and a new discrete graphics chip may...