Language Selection

English French German Italian Portuguese Spanish

Security holes haunt RealPlayer

Filed under
Security

Real Networks has fixed four serious security vulnerabilities in its Real, Rhapsody and Helix media players.

Two of the security holes put users at risk of buffer overflow attacks just by playing a media file.

The first vulnerability uses the .avi movie file format to overwrite a compromised PC's heap memory, which in turn allows hackers to take control of a system.

The vulnerability can be triggered by a webpage containing a movie configured to start playing automatically, according to an advisory from eEye, the security consultancy that first reported the vulnerability. It ranks the severity as 'high'.

A hacker could also entice a user to play a movie by promising 'appealing' content.
The flaw affects most RealPlayer software for Windows as well as Rhapsody, which is used for Real's subscription music service.

A similar attack method can be used to exploit another flaw in RealPlayer for OS X, Windows and Linux as well as the Helix Player for Linux.

The method uses a flaw in RealText that is part of the RealMedia file format, which again allows a hacker to take over a system, security experts from iDefense warned in a security advisory.

Full Article.

More in Tux Machines

today's howtos

Leftovers: Software

Userptr Support Set For AMD Radeon GPUs In Linux 3.18

While it was originally set for Linux 3.17, with the Linux 3.18 kernel that's still months away will be userptr support for the AMD Radeon graphics driver. Read more

Rugged mini-PCs have four gigabit ports, run Ubuntu

Stealth.com has launched four rugged mini-PCs based on 3rd Gen. Intel Core CPUs, featuring four gigabit ports, Ubuntu, and optional PCI and PCIe expansion. The four new LPC480x models are the latest members of the Little PC family of mini-PCs from Stealth.com (formerly Stealth Computer), which include the circa-2011, Intel Atom D525 based LPC-125LPM. The company sells about 50 different LPC models available with Windows or Ubuntu Linux. The systems are designed for embedded control, digital signs, kiosks, mobile navigation, thin-clients, POS, and Human Machine Interface (HMI) applications. Read more