RealPlayer Patches Critical Holes

Wednesday, February 8, 2012 @ 03:02 PM gHale

RealNetworks released an update to RealPlayer to close vulnerabilities in its media player application.

Version 15.02.71 of RealPlayer addresses seven remote code execution vulnerabilities, rated as highly critical by Secunia. An attacker could exploit these holes and compromise a victim’s system.

RELATED STORIES
Oracle Patches DoS Hole
OpenSSL Patches Bug Offered in Fix
OpenSSL Offering Patches 6 Flaws
Google Looks at HTTPS Security

These include errors when processing RMFF Flags, VIDOBJ_START_CODE and RealAudio coded_frame_size, as well as RV10 Encoded Height/Width, RV20 Frame Size Array and RV40 content.

Also, a patch for remote code execution problem in Atrac Sample Decoding is ready to go. This is not the 15.x.x branch of the media player; this issue affects Mac RealPlayer 12.0.0.1701 but is not in version 12.0.0.1703.

The company said it has “received no reports of any machines actually being compromised as a result of the now-remedied vulnerabilities”. Further details about these security bugs are available.

Versions 11.0 to 11.1, 14.0.0 to 14.0.7 and 15.0.0 to 15.0.1.13, as well as RealPlayer SP 1.0 to 1.1.5 suffer from the vulnerability. The company advises all users to upgrade to the current version. RealPlayer 15.02.71 is available to download for Windows XP, Vista and Windows 7 from the company’s web site.



Leave a Reply

You must be logged in to post a comment.