RealPlayer Still Vulnerable to Attack
Real Networks has yet to successfully patch flaws found two weeks ago in its popular RealPlayer and RealOne software.Nearly two weeks after posting a faulty patch for several security vulnerabilities in its ubiquitous RealPlayer and RealOne software, Real Networks Inc. has yet to release a working fix for the problems. And, a security researcher said Tuesday that he has discovered five more vulnerabilities in the media players. Mark Litchfield of Next Generation Security Software Ltd., who also discovered the three original Real flaws, said he has found five additional vulnerabilities in the RealPlayer and RealOne players. All of the new issues are buffer overruns and can be exploited remotely via code embedded in e-mail messages.
Litchfield has notified Real of some of the flaws and is currently in the process of writing proof-of-concept exploit code for the others before sending them to the Seattle-based company. He is working with Real Networks on fixes for the vulnerabilities.