Skip to content

New RealPlayer vulnerability being exploited

Versions 10 and 11 of RealPlayer ® apparently are prone to a buffer overflow vulnerability that already is exploited remotely. The vulnerability may allow the attacker to execute arbitrary code; it may also result in denial of service.

No fix is currently available. Since the details of the vulnerability are not well known, there is no definitive workaround. However, disabling ActiveX and JavaScript may be useful.

Sources:

Post a comment Trackbacks closed RSS 2.0 feed for these comments This entry (permalink) was posted on Friday, October 19, 2007, at 10:56:00 by Thor Kottelin. Filed in Internetworking, Security and tagged , , , , , , , .

3 Comments

  1. Anonymous wrote:

    the fix is now here:
    http://service.real.com/realplayer/security/191007_player/en/
    or
    http://tinyurl.com/2oqpgk

    Posted on 20-Oct-07 at 09:35:00 | Permalink
  2. Anonymous wrote:

    Thanks, Anonymous!
    In order to expand on the scope of the vulnerability, I’ll summarize a little from the page you mention.
    - RealPlayer 10.5 and RealPlayer 11 beta users should install the patch.
    - RealOne Player, RealOne Player v2 and RealPlayer 10 users should first upgrade to RealPlayer 10.5 or RealPlayer 11 beta, then install the patch.
    - RealPlayer 8 and earlier versions of RealNetworks software for Windows are not affected.
    - Macintosh and Linux versions of RealPlayer are not affected.

    Posted on 20-Oct-07 at 12:22:00 | Permalink
  3. Anonymous wrote:

    thanks Anonymous
    http://www.ec2biz.com

    Posted on 22-Oct-07 at 20:10:00 | Permalink

Post a Comment

Your email is never published nor shared. Required fields are marked *
*
*