RealPlayer flaws open PCs up to hijackers
Summary
Topics
The flaws, found by U.K.-based Next-Generation Security Software, can affect RealNetworks' RealOne Player, RealOne Player version 2,RealPlayer 8, RealPlayer 10 Beta, and the company's RealOne Enterpriseproducts. To exploit them, an attacker crafts the data in a media file in a certain way. When people play or stream the corrupted file in a vulnerable version of RealPlayer, the attacker's code will run, compromising the PC.
 | ||||
| | | ||
| Get Up to Speed on... Enterprise security  Get the latest headlines and company-specific news in our expanded GUTS section. | | ||
| ||||
| ||||
"By forcing a browser to a Web site containing such a file, code could be executed on the target machine running in the context of thelogged-on user," stated an advisory posted by NGSSoftware.
The vulnerabilities may affect a large portion of the 350 million unique registered users of the media player software, but RealNetworks wouldn't say how many of those people use the vulnerable versions.
"We haven't had any reports of anyone having any issues," ErikaShaffer, a spokeswoman for the Seattle multimedia company, said on Thursday. "However, we take security very seriously and so wanted to get these fixes out."
The flaw can be exploited using a specially crafted media file, which can be one of five types: RealAudio(RAM) file, RealAudio Plugin (RPM) file, RealPix (RP) file, RealText(RT) file or synchronized multimedia integration language (SMIL) file.
Security vulnerabilities that can be exploited through playing a mediafile have been rare. Last May, a flaw in the way that Microsoft'sWindows Media Player handled "skins," or interface colors and motifs, led the software giant to release a patch for that application.
RealNetworks has posted instructions on its Web site for people to update their RealPlayer software.
Talkback - Tell Us What You Think
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
Facebook Activity
