Security holes haunt RealPlayer

Real Networks has fixed four serious security vulnerabilities in its Real, Rhapsody and Helix media players.

Two of the security holes put users at risk of buffer overflow attacks just by playing a media file.

The first vulnerability uses the .avi movie file format to overwrite a compromised PC’s heap memory, which in turn allows hackers to take control of a system.

The vulnerability can be triggered by a webpage containing a movie configured to start playing automatically, according to an advisory from eEye, the security consultancy that first reported the vulnerability. It ranks the severity as ‘high’.

A hacker could also… Read more at VNUnet.

Real Networks has fixed four serious security vulnerabilities in its Real, Rhapsody and Helix media players.

Two of the security holes put users at risk of buffer overflow attacks just by playing a media file.

The first vulnerability uses the .avi movie file format to overwrite a compromised PC’s heap memory, which in turn allows hackers to take control of a system.

The vulnerability can be triggered by a webpage containing a movie configured to start playing automatically, according to an advisory from eEye, the security consultancy that first reported the vulnerability. It ranks the severity as ‘high’.

A hacker could also… Read more at VNUnet.