RealPlayer Flaws Trigger PC Hijack Alert


Digital-media delivery company RealNetworks on Thursday rolled out patches for four high-risk vulnerabilities in its flagship RealPlayer software, warning that the flaws put millions of users at risk of PC hijack attacks.

The Seattle, Wash.-based RealNetworks Inc. said the flaws can be exploited by remote attackers to execute arbitrary commands with the privileges of the logged-in user.

The company issued a high-risk alert and confirmed that all four flaws affect RealPlayer 10 and 10.5, RealOne Player versions 1 and 2 and RealPlayer 8.

RealPlayer Enterprise, the configurable version of RealPlayer designed for enterprise deployments, the Rhapsody 3 music service and the open-source Linux and Helix versions are also affected, the company warned.

The most serious of the four flaws could allow an attacker to create a malicious MP3 file to allow the overwriting of a local file or execution of an ActiveX control on a vulnerable machine.

RealNetworks said a malicious RealMedia file that used RealText could also be used as an attack mechanism to cause a heap overflow. This could allow an attacker to execute arbitrary code on a target machine.

A third vulnerability was described as a buffer-overflow error in the "vidplin.dll" file, which does not properly handle specially crafted AVI files. This could be exploited via malicious Web sites to execute arbitrary commands with the privileges of the logged-in user, RealNetworks said.

The company said a fourth vulnerability could be combined with default settings of earlier Internet Explorer browsers and exploited by a malicious Web site to create a local HTML file and then trigger an RM file to play, which would then reference the local HTML file.
