RealPlayer Patches Released to Fix High-Risk Security Flaws

[Gordon Darling]

Shavlik Technologies <http://www.shavlik.com>
have announced

"RealNetworks has announced the release of 4 new patches to address
high-risk vulnerabilities in its popular RealPlayer software. These flaws
could allow hackers to gain control of user systems remotely and execute
code. A specific exploit could allow an attacker to create a malicious
MP3 file to allow the overwriting of a local file or execution of an
ActiveX control on an upatched computer. These newly released flaws
affect all versions of RealPlayer 10. "

http://service.real.com/help/faq/security/050623_player/

Regards
Gordon

 

[Richard Steinfeld]

Shavlik Technologies <http://www.shavlik.com>
have announced

"RealNetworks has announced the release of 4 new patches to address
high-risk vulnerabilities in its popular RealPlayer software. These flaws
could allow hackers to gain control of user systems remotely and execute
code. A specific exploit could allow an attacker to create a malicious
MP3 file to allow the overwriting of a local file or execution of an
ActiveX control on an upatched computer. These newly released flaws
affect all versions of RealPlayer 10. "

http://service.real.com/help/faq/security/050623_player/

Regards
Gordon

Parallel universe calling:
Yoo-hoo, over there: You in that thing you call your "Solar System:"

This immediately calls up a question: do the same vulnerabilities exist
in the Real Alternative file set? And if so, how does one go about
fixing those?

Note to confused folks: Real Player is a humungous application (in fact
"humungous" is an understatement) that takes over a computer. Real
Alternative is a set of files that allow Real-encoded streams, such as
listen-on-demand audio from the BBC and USA public radio stations, to be
heard without installing Real's gargantuan software. The user must
_also_ unstall a media player that will allow the use of those files as
a plug-in module. There are presently three free programs that can be
used with the Real Alternative files.

Richard

 

[Mel]

Parallel universe calling:
Yoo-hoo, over there: You in that thing you call your "Solar System:"

This immediately calls up a question: do the same vulnerabilities exist
in the Real Alternative file set? And if so, how does one go about
fixing those?

Note to confused folks: Real Player is a humungous application (in fact
"humungous" is an understatement) that takes over a computer. Real
Alternative is a set of files that allow Real-encoded streams, such as
listen-on-demand audio from the BBC and USA public radio stations, to be
heard without installing Real's gargantuan software. The user must
_also_ unstall a media player that will allow the use of those files as
a plug-in module. There are presently three free programs that can be
used with the Real Alternative files.

Richard

This latest Real flaw is in the file vidplin.dll , if the Alternative uses vidplin.dll
for processing .avi movie files it is highly likely to be vulnerable. However
doesn't Real Alternative use several other old Real components that contain
flaws fixed in more recent versions of Real anyway?


Regards

Mel.

 

[Sweet Andy]

You mean Real Player is still getting bigger. LOL

 

[elaich]

"RealNetworks has announced the release of 4 new patches to address
high-risk vulnerabilities in its popular RealPlayer software.

Are you saying that people still use this monstrosity?