RealNetworks Fixes Security Holes
A flaw in the RealPlayer software allows malicious media files to run arbitrary code.RealNetworks Inc. has patched security vulnerabilities in several versions of the RealPlayer client software. According to an advisory on the companys Web site, the patches address three vulnerabilities in RealPlayer and the RealOne Player for Windows, Mac and Linux. RealNetworks recommends that users apply the updates through links on the advisory page. Real clients for handheld devices, specifically Symbian, Palm and Nokia Series 60, are not affected.
The most serious of the flaws affects only Windows versions of the player. This issue appears to have been reported to RealNetworks by eEye Digital Security, a security consulting firm with a history of finding serious security issues in Windows. This new problem resembles in many ways an earlier problem reported to RealNetworks by eEye. This problem would allow a malicious Web page to potentially execute arbitrary code in the context of the user running the player.