Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    RealNetworks Addresses Security Problems

    By
    Matt Hines
    -
    March 24, 2006
    Share
    Facebook
    Twitter
    Linkedin

      RealNetworks has issued a security patch for a number of its products to address vulnerabilities that could allow for remote execution of code on devices running the software.

      The company said that it has not been advised of any known exploitations of the flaws, which are present in its RealPlayer multimedia application Version 10.4 and 10.5 for Windows, and in both its RealPlayer 10.4 and Helix Player 1.4 for Linux.

      Real recommended that customers using those products immediately upgrade to a current version of RealPlayer or Helix.

      Among the four individual vulnerabilities detailed by the company, at least one could theoretically allow for execution of a program on computers running the affected products.

      Another issue involves a malicious flash media (.swf) file, which the firm said could cause a buffer overrun on a customers machine.

      /zimages/3/28571.gifClick here to read about a recent RealPlayer vulnerability.

      A third problem pertains to the potential for attacking the programs using a specially crafted Web page which could lead to a heap overflow in the applications embedded multimedia player.

      The fourth issue disclosed by Real involves use of a malicious mimio file to cause a buffer overrun on an exploited machine.

      Security researchers at iDefense, among the first to detail the issue publicly, issued an advisory to address the heap overflow problem specifically. Using the vulnerability, attackers could execute arbitrary code in the context of the individual currently logged onto the device.

      The security company reported that the problem specifically exists in Reals handling of the “chunked” Transfer-Encoding method, which breaks the file a server is sending into pieces.

      iDefense said there are multiple ways of triggering the vulnerability, each of which result in a heap overflow.

      The company also offered a workaround for users of Reals affected products, which involves the disablement of certain Active X controls in the software.

      iDefense said that to successfully exploit an end users device, an attacker would need to first lure the individual into clicking on a link to a server under the outsiders control. As a result, the company advised Real users to be on the lookout for malicious links and not to visit unknown Web sites.

      Real dealt with a slew of serious security vulnerabilities in its programs at the end of 2005, releasing multiple updates to help its customers protect themselves against outside attacks.

      /zimages/3/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Matt Hines
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×