RealNetworks warns of media player security flaws

RealNetworks's media player software contains vulnerabilities that could let an attacker take control of a PC on which the software is used to download multimedia files, the company confirmed last week.

Corrupt files posing as normal music and video files could allow an attacker to gain control of the downloader's computer, although RealNetworks stressed in a statement that, as far as it is aware, this has not yet happened.

There are three vulnerabilities: files could be created that will open a Web site on the user's browser, from where remote Javascript can be operated, files could be created that let the attacker download and use their code on a user's machine, or media files can be created that will create buffer overrun errors.

The problems have been fixed, and users are advised to download updates from the company's site, it said.

The affected software is: RealOne Player, RealOne Player v2 for Windows only (all languages), RealOne Player 8, RealPlayer 10 Beta (English only) and RealOne Enterprise Desktop or RealPlayer Enterprise (all versions, standalone and as configured by the RealOne Desktop Manager or RealPlayer Enterprise Manager).

The vulnerabilities were discovered in December by Next Generation Security Software Ltd. (NGSS), in Sutton, England. RealNetworks responded reasonably quickly to the discovery, a spokesman for NGSS said. "Some vendors take up to a year," he said.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gillian Law

IDG News Service
Show Comments

Most Popular Reviews

Deals on PC World

Deals on PC World

Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.


Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?