
Security holes haunt RealPlayer


Real Networks has fixed four serious security vulnerabilities in its Real, Rhapsody and Helix media players.

Two of the security holes put users at risk of buffer overflow attacks just by playing a media file.

The first vulnerability is triggered through the .avi movie file format and overwrites heap memory on the affected PC, which in turn allows hackers to take control of a system.

The vulnerability can be triggered by a webpage containing a movie configured to start playing automatically, according to an advisory from eEye, the security consultancy that first reported the vulnerability. It ranks the severity as 'high'.

A hacker could also entice a user to play a movie by promising 'appealing' content.

The flaw affects most RealPlayer software for Windows as well as Rhapsody, which is used for Real's subscription music service.

A similar attack method can be used to exploit another flaw in RealPlayer for OS X, Windows and Linux as well as the Helix Player for Linux.

The method uses a flaw in RealText, which is part of the RealMedia file format, and again allows a hacker to take over a system, security experts from iDefense warned in a security advisory.
