RealNetworks Patches Security Holes

By Matthew Hicks  |  Posted 2004-02-05 Print this article Print

The company fixes exploits affecting its media player that could allow attackers to execute code and generate buffer overruns.

RealNetworks Inc. recently released a security update to plug a series of vulnerabilities in its media players that could open a users machine to malicious code. Security researchers at British-based NGSSoftware Ltd., which issued an advisory on Wednesday, discovered the security holes in December and informed Real Networks of the vulnerabilities. The Seattle-based Real Networks on Wednesday posted a series of fixes to its Web site.
RealNetworks has faced security issues before, particularly with buffer overruns. Click here to read about a series of fixes it issued a year ago.
RealNetworks, in its latest security update, identifies three separate exploits that could affect one or more of the following media players: RealOne Player, RealOne Player v2, RealPlayer 8, RealPlayer 10 Beta and RealOne Enterprise Desktop or RealPlayer Enterprise. The exploits could, among other things, allow an attacker to create RMP files that download and execute arbitrary code on a users machine and to create media files that generate buffer overrun errors, according to the security posting. "While we have not received reports of anyone actually being attacked with this exploit, all security vulnerabilities are taken very seriously by RealNetworks," the company said. Check out eWEEK.coms Security Center at for security news, views and analysis.
Matthew Hicks As an online reporter for, Matt Hicks covers the fast-changing developments in Internet technologies. His coverage includes the growing field of Web conferencing software and services. With eight years as a business and technology journalist, Matt has gained insight into the market strategies of IT vendors as well as the needs of enterprise IT managers. He joined Ziff Davis in 1999 as a staff writer for the former Strategies section of eWEEK, where he wrote in-depth features about corporate strategies for e-business and enterprise software. In 2002, he moved to the News department at the magazine as a senior writer specializing in coverage of database software and enterprise networking. Later that year Matt started a yearlong fellowship in Washington, DC, after being awarded an American Political Science Association Congressional Fellowship for Journalist. As a fellow, he spent nine months working on policy issues, including technology policy, in for a Member of the U.S. House of Representatives. He rejoined Ziff Davis in August 2003 as a reporter dedicated to online coverage for Along with Web conferencing, he follows search engines, Web browsers, speech technology and the Internet domain-naming system.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel