Security holes haunt RealPlayer

Real Networks has fixed four serious security vulnerabilities in its Real, Rhapsody and Helix media players.

Two of the security holes put users at risk of buffer overflow attacks just by playing a media file.

The first vulnerability can be triggered through a file in the .avi movie format to overwrite heap memory on the victim's PC, which in turn allows hackers to take control of the system.

The vulnerability can be triggered by a webpage containing a movie configured to start playing automatically, according to an advisory from eEye, the security consultancy that first reported the vulnerability. eEye ranks the severity as 'high'.

A hacker could also entice a user to play a movie by promising 'appealing' content.

The flaw affects most RealPlayer software for Windows as well as Rhapsody, which is used for Real's subscription music service.

A similar attack method can be used to exploit another flaw in RealPlayer for OS X, Windows and Linux as well as the Helix Player for Linux.

The method uses a flaw in RealText, which is part of the RealMedia file format, and again allows a hacker to take over a system, security experts from iDefense warned in a security advisory.
