Find Ecommerce Pros to Grow Your Online Business on ALL EC Ecommerce Exchange
Welcome Guest | Sign In
ECommerceTimes.com

RealNetworks Patches 'Highly Critical' Flaw in Media Player

By Susan B. Shor TechNewsWorld ECT News Network
Apr 22, 2005 11:26 AM PT

RealNetworks released a patch earlier this week for a "highly critical" security flaw discovered by Piotr Bania during a security audit of Real Player and reported to security firm Secunia.

Bania told TechNewsWorld that leaving the hole unpatched could lead to serious problems.

RealNetworks Patches 'Highly Critical' Flaw in Media Player

No Known Exploits

"At the time of this writing I have not come across an exploit in the wild, however, it is too early to say that an exploit will not be published in the near future," he said. "The risk is high and based on my experience I can see hackers exploiting this to their advantage. Whether it will be single incidents or a mass pandemic will be apparent in the coming days or weeks."

Attempts to reach RealNetworks were unsuccessful, but the company said on its Web site that it had not heard of any problems relating to this flaw.

The vulnerability exists in almost all the versions of RealPlayer and RealOne for Windows, Mac operating systems and Linux, including Helix Player.

The patch can be downloaded from the RealNetworks site , or by going to the tools menu, clicking "check for updates," selecting "Security Update - April 2005" and installing.

Hacker Code

If exploited, the buffer overflow fault could allow hackers to run their own code on RealPlayer users' computers. Bani said the problem is not uncommon.

"Current news from the bug-traq lists and other security portals indicate that vulnerabilities occur often and not only in RealNetworks products. As an example we can examine the number of vulnerabilities published in Microsoft's April Security Bulletins. Based on my experience I cannot rule out that similiar vulnerabilties will not occur in the future," he said.

Buffer overflow faults have also been found and fixed in the Mozilla Foxfire browser, Windows Media Player, Mac's iSync and other popular software.


How important is a candidate's knowledge of technology in winning your vote?
Extremely -- technology is at the center of most of the world's big problems and solutions.
Very -- a candidate who doesn't understand technology can't relate to young people.
Somewhat -- a general understanding is sufficient.
Not very -- choosing good advisers is more important than direct knowledge.
Not at all -- technology is often a distraction from more important issues.