Real Plugs Media Player Holes RealPlayer Users Vulnerable to Code Execution Attacks Ryan Naraine
The company has released patches to protect RealPlayer users from code execution attacks.
Digital media delivery firm RealNetworks has issued a critical update to fix multiple security flaws in its RealPlayer line of media player software.
The flaws, described by Secunia as "highly critical," could allow malicious hackers access to manipulate data or hijack a vulnerable system. Affected software includes the RealOne Player, RealPlayer, and Helix Player.
RealNetworks said in an advisory that users should apply fixes for all three affected products.
RealNetworks reported the most critical flaw could allow an attacker to create an RM (Real Media) file to corrupt the media player when run from a local drive. A successful exploit might allow an attacker to execute harmful code on a user's machine, the company warned.
Attackers could also build a Web page with malformed calls to corrupt the embedded player and download executable code on a vulnerable machine.
A third flaw could allow malicious hackers to create a Web page and a media file to allow the deletion of a file in a path known to the attacker, RealNetworks explained.
It is the second time this year that RealNetworks has rushed out patches to plug serious holes in its media player. In June, the company released a fix for buffer overflows in the RealPlayer that put millions of users at risk of a PC hijack.
