Login:
Password:
Lost Password?
Print this article  |  E-mail this article  |  Comment on this article

Real Patches Two Serious Player Flaws

By Ed Oswald, BetaNews

November 11, 2005, 11:18 AM

RealNetworks patched two significant vulnerabilities that affect most versions of its Real Player software. One flaw, marked as a "high risk," allows a skin file to be downloaded and applied to the player without the user's permission. The file could contain data that causes a heap overflow, according to eEye Digital Security.

The other more serious flaw involves specially formatted .rm movie files. An attacker could use the file to trigger a direct stack overwrite and thus open up a backdoor to execute malicious code. "RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities," the company said in an advisory, but pointed out that it "takes all security vulnerabilities very seriously." The patches are available through Real Player's built-in update mechanism.

Add a Comment (11 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By f00dl3

posted Nov 24, 2005 - 10:38 PM

It's nice to try and support the Open Source community by using programs like Quick Time Alternative and Real Alternative, but even with the latest Real Alternative, it fails to find codecs to support SMIL files. Additionally, it brings up a 404 page when trying to locate the codec for SMIL files with MPC. Had to download real player for the codecs and now Media Player Classic plays SMIL's fine.

Score: 0

By Adrian79

posted Nov 13, 2005 - 11:36 AM

i guess the patches dont appear for the autoupdate...cuz i did a scann...no patches there hmmmm

Score: 0

By roj

posted Nov 11, 2005 - 6:04 PM

So use Real Alternative and avoid Real's player dreck.

next...

Score: 0

By Julesword

edited Nov 11, 2005 - 9:35 PM

Sadly, real alternative is little more than a pirated (or at least license violating) copy of enough of the realplayer dlls for other media players to be able to play real files. It is not rewritten, or legal. Is it safe to play realplayer files in another media player, with an older version of the dlls? Perhaps, but no guarantees.

Score: 0

By Velocition

posted Nov 12, 2005 - 1:39 AM

If its so illegal, why don't you friggin dial 911 already, Sir Knowitall.

Score: 0

By cooldude7273

posted Nov 12, 2005 - 11:10 AM

I'm pretty sure 911 dosn't do software piracy. I think they are busy saving lives, etc.

Score: 0

By gawd21

posted Nov 11, 2005 - 11:27 AM

The only patch you need for Real Player is : uninst.exe

Score: 0

By fewt

posted Nov 12, 2005 - 5:52 PM

Well said.

Score: 0

By Velocition

posted Nov 11, 2005 - 6:16 PM

that... owned

Score: 0

By bourgeoisdude

posted Nov 11, 2005 - 11:28 AM

agreed

Score: 0

By JacenSolo

posted Nov 12, 2005 - 5:12 PM

I only use RealPlayer with trusted files... I don't just download anything.

But the same problem happens with that M$ s***, WMP.

Score: 0

Nov 21 - 6:51 PM ET Coalition urges better laws for e-mail and cell phone privacy

Nov 21 - 6:42 PM ET How is Internet advertising faring in this bad economy?

Nov 21 - 6:15 PM ET From out of the Amazon Cloud, an AWS winner emerges

Nov 21 - 5:20 PM ET Mufin music finder enters public beta, adds widgets

Nov 21 - 5:01 PM ET Google launches its SearchWiki semantics plug-in

Nov 21 - 4:57 PM ET Asus previews a slimmer, less costly Eee PC

Nov 21 - 4:32 PM ET New Adobe Media Player ushers in AIR 1.5

Nov 21 - 2:11 PM ET AT&T to add Pantech's low-cost C630 phone to 3G lineup

Nov 21 - 1:11 PM ET iPhone gets firmware 2.2 update

Nov 21 - 11:51 AM ET The Dell surprise: Higher earnings on lower revenue