CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
July 26th, 2008

Highly Critical Vulnerabilities Fixed In Urgent RealPlayer Update

RealNetworks has issued an update that patches four security holes in its RealPlayer jukebox program, including a critical flaw that vulnerability tracker Secunia published today. The patch comes a few hours after Secunia released an advisory warning for one of the vulnerabilities, a heap-based buffer overflow caused by a design error within RealPlayer’s handling of frames in Shockwave Flash (SWF) files.

Among the bugs fixed is a flaw in the handling of frames in Shockwave Flash (SWF) files that can trigger a heap-based buffer overflow. Secunia published an advisory warning of the vulnerability, which carries the Common Vulnerabilities and Exposures designation CVE-2007-5400.

A second bug, CVE-2007-1309, affects the RealAudioObjects.RealAudio ActiveX control, which doesn’t properly manage memory for the Console property, allowing the remote execution of code. Details weren’t yet available about the remaining two vulnerabilities, CVE-2008-3064 and CVE-2008-3066.

The vulnerabilities were brought to RealNetworks' attention by Dyon Balding, Elazar Broad, CERT/CC, Haifei Li and Peter Vreugdenhil.

According to RealNetworks, at least one of the four bugs affects all platforms: Windows, Mac OS X and Linux. Users should update as soon as possible.
