RealNetworks issued a software patch on Tuesday to fix a security vulnerability in RealPlayer and RealOne Player software that could allow an attacker to run malicious code on a machine. Because crackers could use specially crafted SMIL (Synchronized Multimedia Integration Language) files to create buffer overflows on vulnerable systems, RealNetworks is encouraging customers to upgrade or patch their software.
The vulnerability exists in a component of RealPlayer that processes user-supplied data in a SMIL file for use by RealPlayer. Attackers could format a SMIL file to take advantage of the hole and create a buffer overflow on the machine running RealPlayer that would allow them to run their own malicious code on the system, according to an advisory from security company iDefense.
Many versions of RealPlayer and RealOne Player are vulnerable to this security flaw, including versions for Windows, Mac and Linux.