Going to listen to Grammy winners on your computer, using a RealNetworks product? Better patch your software first.
RealNetworks says that three separate bugs open up security holes in a number of their products, including RealOne Player, RealOne Player v2 (all languages), RealPlayer 8 (all language versions), RealPlayer 10 Beta (English only), and RealOne Enterprise Desktop or RealPlayer Enterprise. Many of these bugs cut across platforms, too.
These bugs may allow an attacker access to your computer or its files in a number of different ways, through buffer overruns, by running their own programs on your computer, or running JavaScript from remote locations. RealNetworks says they haven't heard of actual exploits yet, but this information is out there, and someone's probably working on one.
There are fixes for RealOne Player v2, RealOne Player and RealPlayer 8 in the latest versions of each product. Most of the other products can be updated via their "Check for Update" feature on the Tools menu. You can download fixes, and get more information at http://www.service.real.com/help/faq/security/040123_player/EN/. RealNetworks credits security researchers Jouko Pynnönen and Mark Litchfield for finding these problems.
More information on bugs and fixes in entertainment software are at the BugBlog.
Article comments