July 28, 2008

Four fixes shipped for "critical" RealPlayer holes

RealNetworks has issued fixes for four critical vulnerabilities in its RealPlayer program.

The patches cover bugs that affect RealPlayer versions 10 and 11 and RealPlayer Enterprise, a configurable version that is customized for use in corporations.

The vulnerabilities are ranked "highly critical" by tracking firm Secunia. One of the flaws can be exploited to cause a heap-based buffer overflow when processing a malicious Shockwave Flash file (SWF).

The bug is the only of the four that affects RealPlayer for Windows, Mac and Linux platforms.

The other flaws relate to an ActiveX control error, which can cause a heap memory corruption; an unknown local resources error; and an ActiveX error, which can be exploited to launch a stack-based buffer overflow.

RealNetworks, in an advisory, recommends users upgrade their products to the latest version.

Related Articles
Related Topics
Related Links

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.