Language Selection

English French German Italian Portuguese Spanish

Security holes haunt RealPlayer

Filed under
Security

Real Networks has fixed four serious security vulnerabilities in its Real, Rhapsody and Helix media players.

Two of the security holes put users at risk of buffer overflow attacks just by playing a media file.

The first vulnerability uses the .avi movie file format to overwrite a compromised PC's heap memory, which in turn allows hackers to take control of a system.

The vulnerability can be triggered by a webpage containing a movie configured to start playing automatically, according to an advisory from eEye, the security consultancy that first reported the vulnerability. It ranks the severity as 'high'.

A hacker could also entice a user to play a movie by promising 'appealing' content.
The flaw affects most RealPlayer software for Windows as well as Rhapsody, which is used for Real's subscription music service.

A similar attack method can be used to exploit another flaw in RealPlayer for OS X, Windows and Linux as well as the Helix Player for Linux.

The method uses a flaw in RealText that is part of the RealMedia file format, which again allows a hacker to take over a system, security experts from iDefense warned in a security advisory.

Full Article.

More in Tux Machines

Leftovers: Gaming

Must Have Android Apps That Aren’t So Well Known

There are must have Android apps that everyone has – the big apps that get all the buzz. There are also apps that win popularity contests in specific groups of people. But there are also Android apps worthy of download that aren’t that well known. Think of them as the “must have” underdog list. To avoid missing out on what may prove to be your most helpful app ever, take a look at these lesser known contenders: Read more

Of course USA loses in cyber war - NSA and friends made sure it would happen

There is a reason why China and others are trying to move away from Windows to Linux and other alternatives, and it is not to avoid sending its hard earned dollars to Cayman Islands (or whatever tax haven Microsoft is using these days to collect the majority of its income. :) Read more

ASF publishes long-overdue Code Of Conduct

We pride ourselves at The Apache Software Foundation on our principles of "community over code" and "don't be a jerk". But, alas, we've been slow to codify some of these things in public. Part of this, I'm sure, is that it’s easy to think we all just know how we're supposed to treat people, and so you shouldn't have to say, right? Read more