RealPlayer security upgrade available
Media player vendor rushes out a point upgrade in response to a critical vulnerability disclosure.
Security vendor Secunia on Tuesday reported a partial fix for a critical vulnerability it first reported last week affecting the RealPlayer software used to play media within Internet browsers on Windows, Mac, and Linux systems.
Secunia disclosed a critical vulnerability within the rmoc3260 ActiveX control in RealPlayer 11 (11.0.0 - 11.0.2 builds 220.127.116.118 - 18.104.22.1682), 10.5 (22.214.171.1240-126.96.36.1993, 188.8.131.528, 184.108.40.2061), and RealPlayer 10 on Windows;RealPlayer 10.1 (10.0.0.396 - 10.0.0.503) and 10 (10.0.0.305 - 352) on Mac; and RealPlayer 10 on Linux.
Specially crafted Shockwave files could lead to a buffer overflow, which could cause memory corruption under certain circumstances and allow a remote attacker to expose sensitive information on a compromised machine.
In response, Real has made upgrades available for its Windows, Mac and Linux products.