RealNetworks Patches Player, Rhapsody Vulnerabilities

Welcome Guest. | Log In| Register | Membership Benefits

June 24, 2005 (2:39 PM EDT)

By TechWeb Technology News

RealNetworks, Inc. on Thursday posted patches for a quartet of serious vulnerabilities to its flagship RealPlayer software that could give hackers access to systems and let them corrupt files on the hard drive.

The bugs affect Windows, Mac, and Linux editions of the company's popular RealPlayer media player, and the Seattle-based developer's Rhapsody music subscription service. Also at risk: RealOne Player and Helix Player.

Among the problems patched were ones that allowed attackers armed with a malicious MP3 file to overwrite local files or execute an ActiveX control. Others included flaws in the RealMedia file format that would let a hacker craft an attack using RealText and a buffer overflow error in the vidplin.dll file.

RealNetworks' advisory recommended that users immediately update RealPlayer and RealOne Player within Windows and Mac OS X directly from the software's internal update facility. Linux users of Helix Player and RealPlayer 10 for Linux must manually download a new version and install it.

While RealNetworks assured users that it's received no reports of compromised computers resulting from the vulnerabilities, this isn't the first time that the firm's software has been patched this year. In March, for instance, many of the same programs had to be updated because of a pair of vulnerabilities that could be exploited with malformed. wav and/or .smil files.

Danish vulnerability tracker Secunia tagged the RealNetworks' newest problems as "Highly critical" in its own assessment of the bugs, which was posted Friday.