Welcome to P2PNET.net - The original daily p2p and digital news site. Always First!
Register | Login
RIAA News
Cool Stuff
MPAA News
Games / Consoles
News
Music
Movies
TV
Open Source
Mobiles
Advertising
Product News
P2P
Off Topic
Freedom
Politics
Interviews
Security
DRM
Links
p2pnet Digests
Search: 
Search
 
Web P2PNET   
   Search: 
Search
Torrent Site Tracker
MP3 Rocket
Add real-time p2pnet headlines to YOUR site ! Click here to download our newsfeed code
p2pnet - rss feed: http://p2pnet.net/p2p.rss | p2pnet celebrities: http://p2pnet.net/celeb.rss | Mobile? http://p2pnet.net/index-wml.php

RealNetworks danger warning

p2pnet.net News:- Almost exactly a year ago corporate music service owner RealNetworks said it had fixed major security holes in its media player software.

The announcement followed earlier news that some of its players had "security vulnerabilities" that could "potentially allow an attacker to run arbitrary code on a user’s machine".

Then on March 3 this year p2pnet reported, "RealNetworks has had to build new versions of its RealPlayer to combat what Secunia describes as Highly Critical security flaws which can be exploited by hackers looking to compromise users’ systems.”

Now the company is again saying users are seriously at serious risk because of new security flaws in RealPlayer 10 and 10.5, RealOne Player versions 1 and 2, RealPlayer 8 and RealPlayer Enterprise.which could allow a hacker to:

Exploit 1: Fashion a malicious MP3 file to allow the overwriting of a local file or execution of an ActiveX control on a customer’s machine.

Exploit 2: Fashion a malicious RealMedia file which uses RealText to cause a heap overflow to allow an attacker to execute arbitrary code on a customer’s machine.

Exploit 3: Fashion a malicious AVI file to cause a buffer overflow to allow an attacker to execute arbitrary code on a customer’s machine.

Exploit 4: And using default settings of earlier Internet Explorer browsers, a malicious website could cause a local HTML file to be created and then trigger an RM file to play which would then reference this local HTML file.

Go the the company’s site here for more details, together with links to patch downloads and instructions.

Something you think we should know? tips[at]p2pnet.net

See:-
a year ago - Security flaws fixed: Real, p2pnet, June 11, 2004
earlier news - RealPlayer security holes, p2pnet, February 7, 2004
build new versions - Highly critical RealPlayer flaws, p2pnet, March 3, 2005

This entry was posted on Friday, June 24th, 2005 at 1:43 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 1980 times

« previous September TV pilots online
Yahoo dumps child sex rooms next »

3 Responses to “RealNetworks danger warning”

  1. Reader's Write Says:
    June 24th, 2005 at 2:01 am

    I guess we’re pretty safe from any problems. Who uses realplayer to play .avi or .mp3 files?

  2. Reader's Write Says:
    June 24th, 2005 at 1:01 pm

    “Who uses realplayer to play .avi or .mp3 files?” LoL

  3. Reader's Write Says:
    July 3rd, 2005 at 4:17 pm

    it should be made clear that these flaws only apply to stupid M$ windows based systems.

Leave a Reply
    Advertisments
Blubster
teksavvy2