TechWeb: Security hole affects RealPlayers

TechWeb News, InternetWeek

Story Tools

RELATED • Site for installing the patch  • NTBugtraq mailing list

(TechWeb) -- A security hole in RealNetworks' media player software could allow attackers to run arbitrary code on a user's computer.

Attackers can run any code they wish on the Windows versions of RealOne Player and RealPlayer, by encouraging users to download a malformed file, according to a security advisory by Next Generation Security Software of Sutton, England, and distributed on the NTBugtraq mailing list.

RealNetworks, whose software is used by millions to play sound and video files, said it had not received reports of "anyone actually being attacked with this exploit." But the company was taking steps to prevent the possibility of attacks.

"We have not yet received reports of anyone actually being attacked with this exploit," the company's Web site said. "However, RealNetworks, has found and fixed the problem."

Installing the patch

RealNetworks recommends users install a patch to fix the software, available from the company's Web site, or check for updates from the Real software.

The Next Generation Security Software advisory can be read on the company's Web site.

Burgers, lattes and CD burners • CNN/Money: Britney Spears No. 1 name used by hackers • CNN/Money: Atari's future in question • CNN/Money: Report: Cingular opposes calls on planes

CNN/Money: Security alert issued for 40 million credit cards • Bin Laden deputy sends message • U.S. House votes to keep U.N. dues • Iran poll to go to run-off