Print this article | E-mail this article | Comment on this article

Real partially patches 'highly critical' RealPlayer flaws

By Ed Oswald, BetaNews

July 29, 2008, 5:50 PM

Security firm Secunia said Tuesday that RealNetworks had fixed most of the security flaws within its RealPlayer software that were first highlighted on Friday.

Four separate issues were discovered within most versions of RealPlayer 10, 10.5, and 11 across the Linux, Mac, and Windows platforms. While the company released the patch on Monday, which Secunia noted in its advisory, the firm said the fix was not complete.

The issue still not fully patched is related to an error in the rmoc3260 ActiveX control "when handling the 'Controls,' 'Console,' or 'WindowName' properties with a specific timing."

Attackers who exploit this flaw could cause a memory corruption, which could be used to expose sensitive information stored on the affected machine.

Secunia seems to indicates that the other three flaws are now fixed. They include: an unspecified error which can be used to reference local resource, an error in how frames are handled in SWF files, and a boundary error in the file rjbdll.dll which can be used to cause a stack buffer overflow.

In all cases, attackers could use the flaws to execute arbitrary code, the firm said. RealPlayers users can update the software by using the "check for update" function in Windows, while Mac and Linux users should download the latest version of Real's software from its Web site.

Add a Comment (8 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

By twosheds

posted Jul 30, 2008 - 8:49 PM

Can't understand how they got nearly 10 years out of that invasive piece of crap.

Score: 0

By morriscox

posted Jul 29, 2008 - 6:27 PM

"which can be used to reference local resource".

Should that be either "which can be used to reference a local resource" or "which can be used to reference local resources"?

Score: 0

By gawd21

posted Jul 29, 2008 - 6:14 PM

People still use RM?

Score: 0

By Paul Skinner

posted Jul 29, 2008 - 6:57 PM

Unfortunately the BBC still have some RM on their site, which means I have to have the RealAlternative installed. It's being phased out though in favour of flash.

Score: 0

By flibberyGiveIt

edited Jul 31, 2008 - 3:29 PM

I remember when Shockwave Flash was new.
I was on dial up, and I'd go to a website
and a javascript would lock up IE and slow
the whole computer while it DL'd a few megs
of flash which would give some kind of
invalid argument error and fail to run.
(this was around the time when I couldn't
afford Netscape.)

Firewalls are good, and old habits die hard

Which doesn't matter as per the BBC 'cause I
ain't in the UK.

Score: 0

By uberfly

edited Jul 30, 2008 - 1:42 AM

At this point, I think all streaming vid methods have lost out to flash. Lookin that way at least.

Score: 0

By Scary Guy

posted Jul 29, 2008 - 6:43 PM

There is no shortage of retards on the planet, nore smart con men who will take advantage of them. We've all used their crappy software at one point or another. After RealOne came out I vowed never to install any of their crap again.

Score: 0

By gawd21

posted Jul 30, 2008 - 12:56 AM

Yeah, I seconded that.

Score: 0

Nov 21 - 6:51 PM ET Coalition urges better laws for e-mail and cell phone privacy

Nov 21 - 6:42 PM ET How is Internet advertising faring in this bad economy?

Nov 21 - 6:15 PM ET From out of the Amazon Cloud, an AWS winner emerges

Nov 21 - 5:20 PM ET Mufin music finder enters public beta, adds widgets

Nov 21 - 5:01 PM ET Google launches its SearchWiki semantics plug-in

Nov 21 - 4:57 PM ET Asus previews a slimmer, less costly Eee PC

Nov 21 - 4:32 PM ET New Adobe Media Player ushers in AIR 1.5

Nov 21 - 2:11 PM ET AT&T to add Pantech's low-cost C630 phone to 3G lineup

Nov 21 - 1:11 PM ET iPhone gets firmware 2.2 update

Nov 21 - 11:51 AM ET The Dell surprise: Higher earnings on lower revenue