Fixes in for RealPlayer flaws

RealNetworks patches a "critical" clutch of holes in its media player products, which could be used to let intruders run code on PCs.

Candace Lombardi
In a software-driven world, it's easy to forget about the nuts and bolts. Whether it's cars, robots, personal gadgetry or industrial machines, Candace Lombardi examines the moving parts that keep our world rotating. A journalist who divides her time between the United States and the United Kingdom, Lombardi has written about technology for the sites of The New York Times, CNET, USA Today, MSN, ZDNet, Silicon.com, and GameSpot. She is a member of the CNET Blog Network and is not a current employee of CNET.
Candace Lombardi
RealNetworks has warned of four flaws in its media player software, three of which pose a severe security risk.

The Seattle-based digital media company released patches on Thursday to fix the problems. The bugs affect older versions of its flagship RealPlayer as well as of Rhapsody, Helix Player and RealOne Player. They aren't found in the most recent versions of RealPlayer and Rhapsody, according to a company advisory. The flaws are found in RealNetworks' software for Microsoft Windows, Mac OS X and Linux systems.

iDefense, a VeriSign company, is one of those credited by RealNetworks with reporting a problem. It has issued a a security alert about a flaw in the way servers handle "chunks" of transferred data that could be used to crash a computer. It could also be used to let an outsider run code on an infected PC without the owners' knowledge, iDefense said.

The vulnerabilities have been rated "highly critical" in an advisory from Secunia. The Danish security company said that one flaw in processing SWF files, used to play Flash media, could also be used to commandeer a computer. Another bug, in the processing of MBC files used for Mimio BoardCast audio sessions, could also ultimately allow a break-in on a machine.

While no cases of actual compromised computers have surfaced, RealNetworks strongly recommends people upgrade to the most current version of its media software. A detailed list of vulnerable versions and the free upgrades can be found on its posted alert.