RealPlayer haunted by 11 critical vulnerabilities

Summary: RealNetworks released an advisory to warn of the vulnerabilities, which could be exploited via rigged image and media files to launch remote code execution attacks.

A quick heads-up to any computer users out there with RealPlayer installed: there are at least 11 critical vulnerabilities that expose Windows, Mac and Linux users to malicious hacker attacks.

RealNetworks released an advisory to warn of the vulnerabilities, which could be exploited via rigged image and media files to launch remote code execution attacks.

The vulnerabilities also affect some versions of the Helix Player for Linux.

Here are the details from the RealNetworks alert:

  1. A heap overflow error when processing a malformed ASM Rulebook, which could be exploited to execute arbitrary code.
  2. A heap overflow error when processing a malformed GIF file, which could be exploited to execute arbitrary code.
  3. A buffer overflow error when processing a malformed media file, which could be exploited to execute arbitrary code.
  4. A buffer overflow error when processing a malformed IVR file, which could be exploited to execute arbitrary code.
  5. A heap overflow error when processing a malformed IVR file, which could be exploited to execute arbitrary code.
  6. A heap overflow error related to the SIPR Codec, which could be exploited to execute arbitrary code.
  7. A heap overflow error when processing a malformed compressed GIF, which could be exploited to execute arbitrary code.
  8. A heap overflow error when parsing a malformed SMIL file, which could be exploited to execute arbitrary code.
  9. A heap overflow error when parsing a malformed Skin, which could be exploited to execute arbitrary code.
  10. An array overflow error when parsing a malformed ASM RuleBook, which could be exploited to execute arbitrary code.
  11. A buffer overflow error related to the RTSP "set_parameter" method, which could be exploited to execute arbitrary code.

RealPlayer is a favorite target for malware writers and fraudware purveyors who rig exploits into Web pages to launch drive-by download attacks. This should be treated as a critical update for all RealPlayer users. If you don't use the software, you are best advised to uninstall it immediately.


About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
