RealPlayer security upgrade available
Media player vendor rushes out a point upgrade in response to a critical vulnerability disclosure.
Security vendor Secunia on Tuesday reported a partial fix for a critical vulnerability it first reported last week affecting the RealPlayer software used to play media within Internet browsers on Windows, Mac, and Linux systems.
Secunia disclosed a critical vulnerability within the rmoc3260 ActiveX control in RealPlayer 11 (11.0.0 - 11.0.2 builds 6.0.14.738 - 6.0.14.802), 10.5 (6.0.12.1040-6.0.12.1663, 6.0.12.1698, 6.0.12.1741), and RealPlayer 10 on Windows;RealPlayer 10.1 (10.0.0.396 - 10.0.0.503) and 10 (10.0.0.305 - 352) on Mac; and RealPlayer 10 on Linux.
Specially crafted Shockwave files could lead to a buffer overflow, which could cause memory corruption under certain circumstances and allow a remote attacker to expose sensitive information on a compromised machine.
In response, Real has made upgrades available for its Windows, Mac and Linux products.