Unpatched RealPlayer = Your Worst Nightmare


RealPlayer has always managed to remain in the spotlight, but not only with good things as the applications has been often the subject of security advisories published on the web. Today, it’s the time. It’s the time when RealPlayer is once again vulnerable to attacks and it seems like this time, it may be a serious one. Security company
Secunia published a notification entitled "RealPlayer Unspecified Buffer Overflow Vulnerability", stating that it can be easily used to compromise an affected computer.

RealPlayer in action
 
Article: Unpatched RealPlayer = Your Worst Nightmare
Comments: RealPlayer in action

"The vulnerability is caused due to an unspecified error and can be exploited to cause a buffer overflow. No further information is available. Successful exploitation allows execution of arbitrary code", Secunia wrote in the advisory.

It seems like the only affected version is RealPlayer 11 build 6.0.14.748. US-CERT also published a security alert informing the users that they were "aware of a public report stating that working exploit code is available for RealPlayer."

Obviously, RealNetworks, the creators of the application, has been informed about the vulnerability and started an investigation on the report. The developers claim that a Russian security company discovered the exploit and published it on the web, which is pretty dangerous for all the RealPlayer users. "It seems they just wrote a script and decided to post it and say, 'Hey, we can do this'," Ryan Luckin, a RealNetworks spokesman, told SCMagazineUS.com.

In case you’re one of those affected users, you’re probably looking for a solution to avoid a potential exploitation and remain secure while using the program. Until an official fix released by the RealPlayer developers, you’re advised to avoid opening "untrusted media files or browse untrusted websites", as Secunia mentioned in the security notification.

If you’d like to download the latest version of RealPlayer, you can take it straight from Softpedia using this link.


[Source:
softpedia]

0 comments