News

Real Patches Two Serious Player Flaws

By Ed Oswald | Published November 11, 2005, 11:18 AM

RealNetworks patched two significant vulnerabilities that affect most versions of its Real Player software. One flaw, marked as a "high risk," allows a skin file to be downloaded and applied to the player without the user's permission. The file could contain data that causes a heap overflow, according to eEye Digital Security.

The other more serious flaw involves specially formatted .rm movie files. An attacker could use the file to trigger a direct stack overwrite and thus open up a backdoor to execute malicious code. "RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities," the company said in an advisory, but pointed out that it "takes all security vulnerabilities very seriously." The patches are available through Real Player's built-in update mechanism.

Comments

View comments by with a score of at least

f00dl3
Nov 24, 2005 - 10:38 PM

It's nice to try and support the Open Source community by using programs like Quick Time Alternative and Real Alternative, but even with the latest Real Alternative, it fails to find codecs to support SMIL files. Additionally, it brings up a 404 page when trying to locate the codec for SMIL files with MPC. Had to download real player for the codecs and now Media Player Classic plays SMIL's fine.

Score: 0

|
Post Reply
Adrian79
Nov 13, 2005 - 11:36 AM

i guess the patches dont appear for the autoupdate...cuz i did a scann...no patches there hmmmm

Score: 0

|
Post Reply
roj
Nov 11, 2005 - 6:04 PM

So use Real Alternative and avoid Real's player dreck.

next...

Score: 0

|
Post Reply
Julesword
Nov 11, 2005 - 9:35 PM edited

Sadly, real alternative is little more than a pirated (or at least license violating) copy of enough of the realplayer dlls for other media players to be able to play real files. It is not rewritten, or legal. Is it safe to play realplayer files in another media player, with an older version of the dlls? Perhaps, but no guarantees.

Score: 0

|
Post Reply
Velocition
Nov 12, 2005 - 1:39 AM

If its so illegal, why don't you friggin dial 911 already, Sir Knowitall.

Score: 0

|
Post Reply
cooldude7273
Nov 12, 2005 - 11:10 AM

I'm pretty sure 911 dosn't do software piracy. I think they are busy saving lives, etc.

Score: 0

|
Post Reply
gawd21
Nov 11, 2005 - 11:27 AM

The only patch you need for Real Player is : uninst.exe

Score: 0

|
Post Reply
bourgeoisdude
Nov 11, 2005 - 11:28 AM

agreed

Score: 0

|
Post Reply
Velocition
Nov 11, 2005 - 6:16 PM

that... owned

Score: 0

|
Post Reply
JacenSolo
Nov 12, 2005 - 5:12 PM

I only use RealPlayer with trusted files... I don't just download anything.

But the same problem happens with that M$ s***, WMP.

Score: 0

|
Post Reply
fewt
Nov 12, 2005 - 5:52 PM

Well said.

Score: 0

|
Post Reply

Microsoft's Bob Muglia and Ray Ozzie on Silverlight vs. standards

Bob Muglia: "We're trying to provide people with an environment that has capabilities that you just simply can't do today in the standards-based world."

Uh-oh, netbooks -- not Windows 7 -- will lift 2009 PC sales

Santa may bring a lump of coal to the Windows PC industry this holiday season. Netbook sales will sap PC margins, while weak Windows 7 PC sales could further drive down average selling prices.

Google's value proposition for Chrome OS: Should we feel insulted?

For a search engine that has direct access to all the world's online history, it appears to have taught Google nothing about selling a machine.

PDC 2009: What have we learned this week?

There was the freebie that no one will forget, the heebie-jeebies courtesy of Scott Guthrie, and a teensy bit clearer picture of how this cloud thingie should work.

Where there's smoke: Apple warranty stance raises troubling questions

Carmi Levy | Wide Angle Zoom: Smoking can be dangerous not only for your lungs, it appears, but for your Apple hardware warranty.

Microsoft's .NET Micro Framework is now free and open source

The latest version of Microsoft's .NET Micro framework is now in the hands of the FOSS community.

E-book readers will be in short supply this holiday season

E-readers are hot this year, and a lot of compelling new products have been released, but are there enough electrophoretic displays to go around?

Sony looks to finally open a single storefront for downloads

Sony has had many different download portals for movies, music, e-books, and games, and now it's looking to make a single shop for all of it.

Tuning out the tablet: Time to give the endless speculation a rest

Wide Angle Zoom: Wishing and hoping and thinking and praying....won't put an iTablet on the market.

Five improvements for IT managers in 2010

If businesses are to improve their efficiency for next year, they need to stop and reassess the basic tenets of their job.

Live report: Will Google Chrome OS change Linux?

The mysteries of just what Chrome OS is, and how much of an operating system it truly is, may be resolved today.