RealPlayer Flaws Trigger PC Hijack Alert

Digital-media delivery company RealNetworks on Thursday rolled out patches for four high-risk vulnerabilities in its flagship RealPlayer software, warning that the flaws put millions of users at risk of PC hijack attacks.

The Seattle, Wash.-based RealNetworks Inc. said the flaws can be exploited by remote attackers to execute arbitrary commands with the privileges of the logged-in user.

The company issued a high-risk alert and confirmed that all four flaws affect RealPlayer 10 and 10.5, RealOne Player versions 1 and 2 and RealPlayer 8.

RealPlayer Enterprise, the configurable version of RealPlayer designed for enterprise deployments, the Rhapsody 3 music service and the open-source Linux and Helix versions are also affected, the company warned.

The most serious of the four flaws could allow an attacker to craft a malicious MP3 file that overwrites a local file or executes an ActiveX control on a vulnerable machine.

RealNetworks said a malicious RealMedia file that used RealText could also be used as an attack mechanism to cause a heap overflow. This could allow an attacker to execute arbitrary code on a target machine.

A third vulnerability was described as a buffer-overflow error in the "vidplin.dll" file, which does not properly handle specially crafted AVI files. This could be exploited via malicious Web sites to execute arbitrary commands with the privileges of the logged-in user, RealNetworks said.

The company said a fourth vulnerability could be combined with default settings of earlier Internet Explorer browsers and exploited by a malicious Web site to create a local HTML file and then trigger an RM file to play, which would then reference the local HTML file.
