The Members Forum

Members Login

Post Info

TOPIC: RealPlayer haunted by 'critical' security holes

barney

Administrator / Manager

Status: Offline

Posts: 2499

Date: Sep 2, 2010

RealPlayer haunted by 'critical' security holes	Permalink

If you still have the RealPlayer software on your machine, now might be a good time to uninstall it. If you really need to keep it (why?), it’s definitely time to apply the latest update to avoid malicious hacker attacks. RealNetworks has shipped a critical update to address multiple vulnerabilities, some serious enough to allow a remote, unauthenticated attacker to execute arbitrary code or obtain sensitive information. Some raw details: CVE-2010-2996: RealPlayer malformed IVR pointer index code execution vulnerability. Affected software: Windows RealPlayer 11.1 and prior. CVE-2010-3002: RealPlayerActiveX unauthorized file access vulnerability. Affected software: Windows RealPlayer 11.1 and prior. CVE-2010-0116: RealPlayer QCP files parsing integer overflow vulnerability. Affected software: Windows RealPlayer SP 1.1.4 and prior. CVE-2010-0117: RealPlayer processing of dimensions in the YUV420 transformation of MP4 content vulnerability. Affected software: Windows RealPlayer SP 1.1.4 and prior. CVE-2010-0120: RealPlayer QCP parsing heap-based buffer overflow vulnerability. Affected software: Windows RealPlayer SP 1.1.4 and prior. ZDnet has the article HERE! __________________ http://www.mycomputerplayground.com http://www.digitaldrama.net http://www.thisrules.net

Vindicated

Administrator / Manager

Status: Offline

Posts: 2410

Date: Sep 2, 2010

	Permalink
Haven't used RealPlayer for years! __________________ Vindicated

Page 1 of 1 sorted by

Tweet this page

Post to Digg

Post to Del.icio.us

Create your own FREE Forum
Report Abuse