Real Player Vulnerabilities

I heard about this earlier today and I meant to post about it but I forgot. I was reminded again on Slashdot. You can read the NGSSoftware advisory here.

By crafting malformed .RP, .RT, .RAM, .RPM & .SMIL files it is possible to cause heap and stack based overruns in RealPlayer / RealOne Player. By forcing a browser to a website containing such a file, code could be executed on the target machine running in the context of the logged on user; alternatively, the end user would be required to open the attachment (except in the case of the .RPM file).
If you run RealPlayer, be sure to update your installation. Real has posted updates here.

  1. moo says:

    Use Media Player Classic on and then install Quicktime Alternative and Real Alternative codec packs.

    It does all the same with the very light player.

    No bloat, no crap. It just works as software should, none of this mr. fancy pants hoopla that we see nowadays.

    Simplicity is bliss (and secure, and robust and trusted and stable).

