Four fixes shipped for "critical" RealPlayer holes

By

RealNetworks, maker of RealPlayer, has issued an update to address four serious bugs.


RealNetworks has issued fixes for four critical vulnerabilities in its RealPlayer program.

The patches cover bugs that affect RealPlayer versions 10 and 11 and RealPlayer Enterprise, a configurable version that is customised for use in corporations.

The vulnerabilities are ranked "highly critical" by tracking firm Secunia. One of the flaws can be exploited to cause a heap-based buffer overflow when processing a malicious Shockwave Flash file (SWF).

The bug is the only of the four that affects RealPlayer for Windows, Mac and Linux platforms.

The other flaws relate to an ActiveX control error, which can cause a heap memory corruption; an unknown local resources error; and an ActiveX error, which can be exploited to launch a stack-based buffer overflow.

RealNetworks, in an advisory, recommends users upgrade their products to the latest version.

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?