July 28, 2008

Four fixes shipped for "critical" RealPlayer holes

RealNetworks has issued fixes for four critical vulnerabilities in its RealPlayer program.

The patches cover bugs that affect RealPlayer versions 10 and 11 and RealPlayer Enterprise, a configurable version that is customized for use in corporations.

The vulnerabilities are ranked "highly critical" by tracking firm Secunia. One of the flaws can be exploited to cause a heap-based buffer overflow when processing a malicious Shockwave Flash file (SWF).

The bug is the only of the four that affects RealPlayer for Windows, Mac and Linux platforms.

The other flaws relate to an ActiveX control error, which can cause a heap memory corruption; an unknown local resources error; and an ActiveX error, which can be exploited to launch a stack-based buffer overflow.

RealNetworks, in an advisory, recommends users upgrade their products to the latest version.

Related Articles
Related Topics
Related Links

Sign up to our newsletters

More in News

Bitcoin mining botnet has become one of the most prevalent cyber threats

Fortinet researchers have tracked 100,000 new ZeroAccess trojan infections per week, making the botnet very lucrative to its owners.

House Intelligence Committee OKs amended version of controversial CISPA

House Intelligence Committee OKs amended version of controversial ...

Despite the 18-to-2 vote in favor of the bill proposal, privacy advocates likely will not be satisfied, considering two key amendments reportedly were shot down.

Judge rules hospital can ask ISP for help in ID'ing alleged hackers

Judge rules hospital can ask ISP for help ...

The case stems from two incidents where at least one individual is accused of accessing the hospital's network to spread "defamatory" messages to employees.