Flaws found in Windows-based media players

Microsoft Windows users need to watch out for glitches in Apple, RealNetworks devices.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
Robert Lemos
Microsoft Windows users need to watch out for several flaws in non-Microsoft media players, security experts said.

Apple Computer and RealNetworks have both issued fixes for their Windows software to patch serious security vulnerabilities. Apple released Quicktime 6.5.2 on Wednesday to plug two holes in its Windows media player. On Tuesday RealNetworks advised users of its RealPlayer 10, RealPlayer 10.5 and RealOne Player software to use the "Check for Updates" feature to download the latest patch.

One of the flaws in Apple's Quicktime player affects Mac OS X users as well, but the company patched the problems at the end of September.

"It was fixed for all Mac OS X users at the end of September, and this fixes it for Windows users as well," said an Apple spokesman.

The updated Quicktime program is the latest fix for Apple's computer software. The company typically releases one update a month, and in September published fixes for 15 components of the Mac OS X operating system.

The flaw in RealNetworks' software could allow an attacker to run code on the victim's computer by dressing up a malicious program as a graphics theme, or skin, for the player. The flaw--found independently by two security firms, eEye Digital Security and Next-Generation Security Software--is similar to a problem found in August in Winamp's media-playing software.

eEye previously found a flaw in RealNetwork's software for Windows and Linux that could have allowed a malicious program disguised as a movie to run on the victim's computer.