
Quartet of security flaws rated "critical"
By Joris Evers
Published: 24 June 2005 09:20 BST
Several security holes in RealNetworks' widely used media player software could put PCs at risk of attack, the company has warned.
Four vulnerabilities in RealPlayer have been discovered, the most serious of which could allow an intruder to gain control of a computer, RealNetworks said in a security advisory posted on Thursday. Software updates are now available to plug the holes, the company said.
Security experts from the French Security Incident Response Team, or FrSIRT, labelled the problems as "critical" - the highest rating - in an alert issued yesterday.
The problems exist in current and some older releases of RealPlayer, and they affect versions for Windows as well as Mac OS and Linux, RealNetworks said. In addition, one of the newly patched bugs is also found in Rhapsody 3, the software used in RealNetworks' music service.
Three of the four flaws could be exploited using a malicious media file, RealNetworks said. Specially crafted RealMedia and AVI files could allow an attacker to take over a user's computer, while a malicious MP3 file could be used to overwrite local files or execute ActiveX controls, it said.
To take advantage of the fourth flaw, a hacker would need to build a malicious website. However, the attack would require the user to be running earlier versions of Internet Explorer with standard settings on the computer, RealNetworks said.
RealNetworks' updates are available in its advisory for all affected products and recommends that people install the newer versions.
Joris Evers writes for CNET News.com
To be considered for this position you must have experience with the following skills: C# ASP.Net SQL Server HTML (hand-coding) Object-orientated ...
Exchange Web administration NI production workflow concepts Communication skills Reporting skills Incident management Problem management ITIL aware ...
Controls Systems Engineer - Market Leader Gain vast skills A superb opportunity has arisen to join a market leading, internationally recognised ...
CIO50 2008
The silicon.com CIO50 2008 profiles the most influential and innovative tech chiefs in the UK across all industries and organisation size, from the biggest FTSE100 companies to high growth dot-com start ups and the public sector. The list was voted on by the UK CIO community and a panel of experts. Find out more in our latest special report.
Stories from the web...
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved. Top of page
Martin Brampton Brampton Factor: Open source stands up for its rights Copyright can keep the movement alive...
Bob Tarzey The rise and rise of Infor Quocirca's Straight Talking: Where next for the apps giant?