Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
November 11, 2005
1 Min Read
RealNetworks patched its Real Player yet again on Thursday to fix multiple critical flaws in the popular media software.
According to eEye Digital Security, which uncovered the bugs and reported them to RealNetworks, two separate vulnerabilities affect multiple versions of RealPlayer for Windows, Mac OS X, and Linux. Both were classified as a "High" threat by eEye, a ranking that means attackers could use the flaws to remotely execute code on compromised computers.
One of the vulnerabilities could allow an attacker to execute malicious code by delivering a specially-crafted Real Media file in, for instance, an e-mail. The other involves RealPlayer skin files, which transform the look of the RealPlayer program. By building a malicious skin, then enticing the victim to a Web site hosting such a skin, the attacker could grab control of the machine without any other user interaction.
The second vulnerability only affects systems running the Windows version of RealPlayer.
RealNetworks has posted patches for both bugs on its Web site. The affected versions include RealPlayer 10.5, 10, and 8 (Windows), RealPlayer 10 (Mac), RealPlayer 10 (Linux), RealOne Player 1 and 2 (Windows), RealPlayer Enterprise (Windows), and Helix Player (Linux).
RealNetworks said in its advisory that it's not received any reports of actual attacks using these vulnerabilities, but urged users to immediately patch their players.
You May Also Like
The Total Economic Impact™ Of Fortinet NGFW For Data Center And AI-Powered FortiGuard Security Services Solution Study
Edge Computing Bridges IT and OT People, Process, and Technology
*State of ITSM in Retail
Solution Brief: Fortinet FortiFlex Delivers Usage-Based Security Licensing That Moves at the Speed of Digital Accelerationâ€‹
Checklist: Top 6 Considerations to Optimize Your Digital Acceleration Security Spend