RealPlayer flaws fixed
Date: November 12, 2005Source: InformationWeek
By:
According to eEye Digital Security, which uncovered the bugs and reported them to RealNetworks, two separate vulnerabilities affect multiple versions of RealPlayer for Windows, Mac OS X, and Linux. Both were classified as a "High" threat by eEye, a ranking that means attackers could use the flaws to remotely execute code on compromised computers.
One of the vulnerabilities could allow an attacker to execute malicious code by delivering a specially-crafted Real Media file in, for instance, an e-mail. The other involves RealPlayer skin files, which transform the look of the RealPlayer program. By building a malicious skin, then enticing the victim to a Web site hosting such a skin, the attacker could grab control of the machine without any other user interaction.
Original article
Add comment
Email to a Friend
