Real Player under Attack
By Ulf Mar 2, 2005, 12:06 GMT
Specially crafted .WAV or .SMIL files can trigger a buffer overflow that lets an attacker place code on the user's desktop; the code is executed when the user opens the files.
Files crafted in this way can be delivered by email or download.
The affected versions are:
On Windows: RealPlayer 10.x, RealOne Player v2 / v1, RealPlayer 8 and RealPlayer Enterprise. The fixed version is RealPlayer 10.5 (18.104.22.1689).
On Mac OS: the vulnerabilities are in RealPlayer 10 and RealOne Player. The flaw is fixed in version 10 (10.0.0.331).
On Linux: RealPlayer 10 and the Helix Player are affected. No fixed versions are available for these.
The players for Symbian and PalmOS are not affected by the vulnerabilities.
RealNetworks classifies the vulnerabilities as critical and recommends that all users install the available updates. On Windows and Mac OS, the player's update function can be used.