Four fixes shipped for "critical" RealPlayer holes

By
Follow google news

RealNetworks, maker of RealPlayer, has issued an update to address four serious bugs.


RealNetworks has issued fixes for four critical vulnerabilities in its RealPlayer program.

The patches cover bugs that affect RealPlayer versions 10 and 11 and RealPlayer Enterprise, a configurable version that is customised for use in corporations.

The vulnerabilities are ranked "highly critical" by tracking firm Secunia. One of the flaws can be exploited to cause a heap-based buffer overflow when processing a malicious Shockwave Flash file (SWF).

The bug is the only of the four that affects RealPlayer for Windows, Mac and Linux platforms.

The other flaws relate to an ActiveX control error, which can cause a heap memory corruption; an unknown local resources error; and an ActiveX error, which can be exploited to launch a stack-based buffer overflow.

RealNetworks, in an advisory, recommends users upgrade their products to the latest version.

See original article on scmagazineus.com

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
fixesfourpatchsecurity

Sponsored Whitepapers

Innovate anywhere with HPE and Azure Local
Innovate anywhere with HPE and Azure Local
Cloud Covered Report: New Zealand
Cloud Covered Report: New Zealand
How healthcare organisations can get more value from cloud
How healthcare organisations can get more value from cloud
The governed agent: A new framework for responsible AI at scale
The governed agent: A new framework for responsible AI at scale
Securing Machinery of Government changes
Securing Machinery of Government changes

Events

Most Read Articles

ASD to retire Essential Eight cyber security framework within next two years

ASD to retire Essential Eight cyber security framework within next two years
ASD draws a hard line on developers lacking security skills

ASD draws a hard line on developers lacking security skills
Fake IT worker threat spreads outside tech sector in Australia

Fake IT worker threat spreads outside tech sector in Australia
NAB builds integrated ops hub for threat intelligence

NAB builds integrated ops hub for threat intelligence
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?