RealNetworks patches security holes

By Derek Sooman on March 3, 2005, 2:06 PM
Following a security vulnerability in RealPlayer and RealOne Player software that could allow an attacker to run malicious code on a machine, RealNetworks have issued a software patch on Tuesday to fix the holes. Dealing with a potential security problem whereby crackers could use specially crafted SMIL (Synchronized Multimedia Integration Language) files to create buffer overflows on vulnerable systems, RealNetworks is encouraging customers to upgrade or patch their software.

The vulnerability exists in a component of RealPlayer that processes user-supplied data in a SMIL file for use by RealPlayer. Attackers could format a SMIL file to take advantage of the hole and create a buffer overflow on the machine running RealPlayer that would allow them to run their own malicious code on the system, according to an advisory from security company iDefense.

Many versions of RealPlayer and RealOne Player are vulnerable to this security flaw, including versions for Windows, Mac and Linux.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.