Real Patches Two Serious Player Flaws

By Ed Oswald, BetaNews

November 11, 2005, 11:18 AM

RealNetworks patched two significant vulnerabilities that affect most versions of its RealPlayer software. One flaw, rated "high risk," allows a skin file to be downloaded and applied to the player without the user's permission. The file could contain data that causes a heap overflow, according to eEye Digital Security.

The other, more serious flaw involves specially formatted .rm movie files. An attacker could use such a file to trigger a direct stack overwrite and thus open up a backdoor to execute malicious code. "RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities," the company said in an advisory, but pointed out that it "takes all security vulnerabilities very seriously." The patches are available through RealPlayer's built-in update mechanism.

11 Comments


By f00dl3

posted Nov 24, 2005 - 10:38 PM

It's nice to try and support the Open Source community by using programs like Quick Time Alternative and Real Alternative, but even with the latest Real Alternative, it fails to find codecs to support SMIL files. Additionally, it brings up a 404 page when trying to locate the codec for SMIL files with MPC. Had to download real player for the codecs and now Media Player Classic plays SMIL's fine.

Score: 0

By Adrian79

posted Nov 13, 2005 - 11:36 AM

I guess the patches don't appear for the autoupdate... cuz I did a scan... no patches there hmmmm

Score: 0

By roj

posted Nov 11, 2005 - 6:04 PM

So use Real Alternative and avoid Real's player dreck.

next...

Score: 0

By Julesword

edited Nov 11, 2005 - 9:35 PM

Sadly, real alternative is little more than a pirated (or at least license violating) copy of enough of the realplayer dlls for other media players to be able to play real files. It is not rewritten, or legal. Is it safe to play realplayer files in another media player, with an older version of the dlls? Perhaps, but no guarantees.

Score: 0

By Velocition

posted Nov 12, 2005 - 1:39 AM

If it's so illegal, why don't you friggin dial 911 already, Sir Knowitall.

Score: 0

By cooldude7273

posted Nov 12, 2005 - 11:10 AM

I'm pretty sure 911 doesn't do software piracy. I think they are busy saving lives, etc.

Score: 0

By gawd21

posted Nov 11, 2005 - 11:27 AM

The only patch you need for Real Player is: uninst.exe

Score: 0

By fewt

posted Nov 12, 2005 - 5:52 PM

Well said.

Score: 0

By Velocition

posted Nov 11, 2005 - 6:16 PM

that... owned

Score: 0

By bourgeoisdude

posted Nov 11, 2005 - 11:28 AM

agreed

Score: 0

By JacenSolo

posted Nov 12, 2005 - 5:12 PM

I only use RealPlayer with trusted files... I don't just download anything.

But the same problem happens with that M$ s***, WMP.

Score: 0