
RealPlayer haunted by 11 critical vulnerabilities

Written by Ryan Naraine, Contributor

A quick heads-up to any computer users out there with RealPlayer installed: There are at least 11 critical vulnerabilities that expose Windows, Mac and Linux users to malicious hacker attacks.

RealNetworks released an advisory to warn of the vulnerabilities, which could be exploited via rigged image and media files to launch remote code execution attacks.

The vulnerabilities also affect some versions of the Helix Player for Linux.

Here are the details from the RealNetworks alert:

  1. A heap overflow error when processing a malformed ASM Rulebook, which could be exploited to execute arbitrary code.
  2. A heap overflow error when processing a malformed GIF file, which could be exploited to execute arbitrary code.
  3. A buffer overflow error when processing a malformed media file, which could be exploited to execute arbitrary code.
  4. A buffer overflow error when processing a malformed IVR file, which could be exploited to execute arbitrary code.
  5. A heap overflow error when processing a malformed IVR file, which could be exploited to execute arbitrary code.
  6. A heap overflow error related to the SIPR Codec, which could be exploited to execute arbitrary code.
  7. A heap overflow error when processing a malformed compressed GIF, which could be exploited to execute arbitrary code.
  8. A heap overflow error when parsing a malformed SMIL file, which could be exploited to execute arbitrary code.
  9. A heap overflow error when parsing a malformed Skin, which could be exploited to execute arbitrary code.
  10. An array overflow error when parsing a malformed ASM RuleBook, which could be exploited to execute arbitrary code.
  11. A buffer overflow error related to the RTSP "set_parameter" method, which could be exploited to execute arbitrary code.

RealPlayer is a favorite target for malware writers and fraudware purveyors who rig exploits into Web pages to launch drive-by download attacks.  This should be treated as a critical update for all RealPlayer users. If you don't use the software, you are best advised to uninstall it immediately.
