Highly Critical Vulnerabilities Fixed In Urgent RealPlayer Update
RealNetworks has issued an update that patches four security holes in its RealPlayer jukebox program, including a critical flaw that vulnerability tracker Secunia published today. The patch comes a few hours after Secunia released an advisory warning for one of the vulnerabilities, a heap-based buffer overflow caused by a design error within RealPlayer’s handling of frames in Shockwave Flash (SWF) files.
Among the bugs fixed is a flaw in the handling of frames in Shockwave Flash (SWF) files that can cause a heap-based buffer overflow. Secunia published an advisory warning of the vulnerability, which carries the Common Vulnerabilities and Exposures designation CVE-2007-5400.
A second bug, CVE-2007-1309, affects the RealAudioObjects.RealAudio ActiveX control, which doesn’t properly manage memory for the Console property, allowing the remote execution of code. Details weren’t yet available about the remaining two vulnerabilities, CVE-2008-3064 and CVE-2008-3066.
The vulnerabilities were brought to RealNetworks' attention by Dyon Balding, Elazar Broad, CERT/CC, Haifei Li and Peter Vreugdenhil.
According to RealNetworks, at least one of the four bugs affects all platforms: Windows, Mac OS X and Linux. Users should update as soon as possible.