Computer Crime Research Center

hack/hack35.jpg

RealPlayer flaws fixed

Date: November 12, 2005
Source: InformationWeek
By: Gregg Keizer

RealNetworks patched its Real Player yet again on Thursday to fix multiple critical flaws in the popular media software.

According to eEye Digital Security, which uncovered the bugs and reported them to RealNetworks, two separate vulnerabilities affect multiple versions of RealPlayer for Windows, Mac OS X, and Linux. Both were classified as a "High" threat by eEye, a ranking that means attackers could use the flaws to remotely execute code on compromised computers.

One of the vulnerabilities could allow an attacker to execute malicious code by delivering a specially-crafted Real Media file in, for instance, an e-mail. The other involves RealPlayer skin files, which transform the look of the RealPlayer program. By building a malicious skin, then enticing the victim to a Web site hosting such a skin, the attacker could grab control of the machine without any other user interaction.
Add comment  Email to a Friend

Copyright © 2001-2024 Computer Crime Research Center
CCRC logo