RealNetworks Patches Security Holes

The company fixes exploits affecting its media player that could allow attackers to execute code and generate buffer overruns.

RealNetworks Inc. recently released a security update to plug a series of vulnerabilities in its media players that could open a users machine to malicious code.

Security researchers at British-based NGSSoftware Ltd., which issued an advisory on Wednesday, discovered the security holes in December and informed Real Networks of the vulnerabilities.

The Seattle-based Real Networks on Wednesday posted a series of fixes to its Web site.

/zimages/2/28571.gifRealNetworks has faced security issues before, particularly with buffer overruns. Click here to read about a series of fixes it issued a year ago.

RealNetworks, in its latest security update, identifies three separate exploits that could affect one or more of the following media players: RealOne Player, RealOne Player v2, RealPlayer 8, RealPlayer 10 Beta and RealOne Enterprise Desktop or RealPlayer Enterprise.

The exploits could, among other things, allow an attacker to create RMP files that download and execute arbitrary code on a users machine and to create media files that generate buffer overrun errors, according to the security posting.

"While we have not received reports of anyone actually being attacked with this exploit, all security vulnerabilities are taken very seriously by RealNetworks," the company said.

/zimages/2/28571.gifCheck out eWEEK.coms Security Center at security.eweek.com for security news, views and analysis.