Mobile/PDA About Us Advertise here


		User name	Password

		Not registered yet? Register here. Lost your password? Click here.

Browse by topic

News

Real to offer fix for RealPlayer security flaw

20 October 2007 18:16 by James "Dela" Delahunty | 2 comments

RealNetworks Inc. has announced that a fix will be made available for a critical unpatched vulnerability in the RealPlayer software. Symantec Corp. researchers discovered yesterday that the vulnerability was already being exploited by malware authors. "Real has created a patch for RealPlayer 10.5 and RealPlayer 11 that addresses the vulnerability identified by Symantec," wrote RealNetworks General Manager of Product Development Russ Ryan, in a Friday blog posting.

He added: "Real will make this patch available to users via this blog and our security update page later today." He said that users of RealOne Player, RealOne Player v2, and RealPlayer 10 should upgrade to the 10.5 version or the RealPlayer 11 beta code and install the patch. The attack exploits a flaw in an ActiveX browser helper object, affecting only Internet Explorer users running Windows.

"The exploit itself is embedded in advertisements that were being served by 247realmedia.com," Symantec said in a note on its DeepSight threat management system. "The redirection to the exploit page... was accomplished through an iFrame embedded in each advertisement."

Source:
Yahoo (PC World)

Permalink to this article

Security analysts warn of QuickTime exploit (25 November 2007)

RealNetworks and Analog Devices team for PMP video (24 November 2007)

RealPlayer 11 out of beta (17 November 2007)

Sonic and RealNetworks team up for DVD tech (17 September 2007)

RealNetworks launches beta for Real Player 11 (26 June 2007)

Real to distribute Google and Mozilla software (5 August 2006)

« Previous news article
Cyberlink PowerDVD certified for playback of BD-RE 3.0 format

Next news article »
Update: IFPI and Pirate Bay to do battle over domain name

Post your comment

Discuss this article!
borhan9 (AfterDawn Addict) 24 October 2007 2:53
I prefer the real player alternatve because its smaller and easier to use and does not have ad support. [ + quote]
MattSpra (Newbie) 25 October 2007 14:05
RealNetworks has issued a patch for this vulnerability that users can download here - http://service.real.com/realplayer/security/191007_player/en/ For more information about these patches and how the new RealPlayer has been improved, please visit the RealPlayer blog at www.realplayer.com/blog/ Matt Spragins Real Networks [ + quote] This message has been edited since posting. Last time this message was edited on 25 October 2007 20:27