RealNetworks patches flaws in media player software

Security flaws in RealNetworks' media player software could allow attackers to run arbitrary code on a user's computer, the company warned last week.

Three vulnerabilities exist in the Windows versions of the RealOne Player and RealPlayer, according to a statement on RealNetworks' Web site.

By encouraging a RealOne or RealPlayer user to download a malformed file, an attacker could run code of his/her choice on a user's system, according to a security advisory sent by Next Generation Security Software Ltd. of Sutton, England, to the NTBugtraq mailing list on Friday.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Security flaws in RealNetworks' media player software could allow attackers to run arbitrary code on a user's computer, the company warned last week.

Three vulnerabilities exist in the Windows versions of the RealOne Player and RealPlayer, according to a statement on RealNetworks' Web site.

By encouraging a RealOne or RealPlayer user to download a malformed file, an attacker could run code of his/her choice on a user's system, according to a security advisory sent by Next Generation Security Software Ltd. of Sutton, England, to the NTBugtraq mailing list on Friday.

Next Generation Security Software said it discovered the flaws and informed RealNetworks on Nov. 1. It is common for security firms to release their own bulletin after the software maker fixes the problem.

RealNetworks, of Seattle, recommends users install a patch to fix the software, although there are no reports so far of attacks using the exploit.

The Next Generation Security Software advisory

The RealNetworks statement

The IDG News Service is a Network World affiliate.