Language Selection

English French German Italian Portuguese Spanish

Security holes haunt RealPlayer

Filed under
Security

Real Networks has fixed four serious security vulnerabilities in its Real, Rhapsody and Helix media players.

Two of the security holes put users at risk of buffer overflow attacks just by playing a media file.

The first vulnerability uses the .avi movie file format to overwrite a compromised PC's heap memory, which in turn allows hackers to take control of a system.

The vulnerability can be triggered by a webpage containing a movie configured to start playing automatically, according to an advisory from eEye, the security consultancy that first reported the vulnerability. It ranks the severity as 'high'.

A hacker could also entice a user to play a movie by promising 'appealing' content.
The flaw affects most RealPlayer software for Windows as well as Rhapsody, which is used for Real's subscription music service.

A similar attack method can be used to exploit another flaw in RealPlayer for OS X, Windows and Linux as well as the Helix Player for Linux.

The method uses a flaw in RealText that is part of the RealMedia file format, which again allows a hacker to take over a system, security experts from iDefense warned in a security advisory.

Full Article.

More in Tux Machines

First Jessie based Debian Edu beta release

Hi, the Debian Edu / Skolelinux project is pleased to announce the first *beta* release of Debian Edu "Jessie" 8.0+edu0~b1, which for the first time is composed entirely of packages from the current Debian stable release, Debian 8 "Jessie". (As most reading this will know, Debian "Jessie" hasn't actually been released by now. The release is still in progress but should finish later today ;) We expect to make a final release of Debian Edu "Jessie" in the coming weeks, timed with the first point release of Debian Jessie. Upgrades from this beta release of Debian Edu Jessie to the final release will be possible and encouraged! Read more

Leftovers: Screenshots and Screencasts

Android Leftovers

Leftovers: Software