RealNetworks Patches Holes in RealPlayer Highly Critical Security Flaw Patched in RealPlayer Tim Gray
Digital media company RealNetworks has rolled out patches for a highly critical security flaw discovered in RealPlayer and other RealNetworks software.
The vulnerability is a boundary error that could potentially allow the execution of malicious code, according to Danish security firm Secunia. It can be exploited by specially written WAV or SMIL files that cause buffer overflows that could have allowed attackers to execute arbitrary code to be run.
"RealNetworks has addressed recently discovered security vulnerabilities that offered the potential for an attacker to run arbitrary or malicious code on a customer's machine," RealNetworks officials said in a statement. "RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities."
The products affected include RealPlayer 8 and 10.x, RealOne Player 1 and 2, Helix Player 1, and RealPlayer Enterprise 1.x., according to the company.
Real Networks classified the holes as "critical" and recommended users install the available updates. Under Windows and Mac OS the update function of the Player can be used. Mac and Windows users should upgrade their players via the Check for Update menu, according to the company.
In related news, California-based security firm eEye Digital Security reported it has discovered critical security vulnerabilities in Computer Associates' licensing software.
Computer Associates announced it has released patches for the security flaws that concern buffer overflow vulnerabilities in its licensing software.
eEye Digital Security said the flaws affect several components of CA software on open source, Windows, and Mac OS X platforms.
If exploited, the flaws could enable malicious third parties to run code on a compromised machine, according to the company.
