Real Patches Two Serious Player Flaws

By Ed Oswald | Published November 11, 2005, 11:18 AM

RealNetworks patched two significant vulnerabilities that affect most versions of its Real Player software. One flaw, marked as a "high risk," allows a skin file to be downloaded and applied to the player without the user's permission. The file could contain data that causes a heap overflow, according to eEye Digital Security.

The other, more serious flaw involves specially formatted .rm movie files. An attacker could use such a file to trigger a direct stack overwrite and thus open up a backdoor to execute malicious code. "RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities," the company said in an advisory, but pointed out that it "takes all security vulnerabilities very seriously." The patches are available through Real Player's built-in update mechanism.

Comments

It's nice to try and support the Open Source community by using programs like Quick Time Alternative and Real Alternative, but even with the latest Real Alternative, it fails to find codecs to support SMIL files. Additionally, it brings up a 404 page when trying to locate the codec for SMIL files with MPC. Had to download Real Player for the codecs and now Media Player Classic plays SMILs fine.

Score: 0

I guess the patches don't appear for the autoupdate... 'cause I did a scan... no patches there, hmmmm

Score: 0

So use Real Alternative and avoid Real's player dreck.

next...

Score: 0

Sadly, Real Alternative is little more than a pirated (or at least license-violating) copy of enough of the RealPlayer DLLs for other media players to be able to play Real files. It is not rewritten, or legal. Is it safe to play RealPlayer files in another media player, with an older version of the DLLs? Perhaps, but no guarantees.

Score: 0

If it's so illegal, why don't you friggin dial 911 already, Sir Knowitall.

Score: 0

I'm pretty sure 911 doesn't do software piracy. I think they are busy saving lives, etc.

Score: 0

The only patch you need for Real Player is : uninst.exe

Score: 0

agreed

Score: 0

that... owned

Score: 0

I only use RealPlayer with trusted files... I don't just download anything.

But the same problem happens with that M$ s***, WMP.

Score: 0

Well said.

Score: 0
