The Members Forum

Members Login
Username 
 
Password 
    Remember Me  
Post Info TOPIC: RealPlayer haunted by 'critical' security holes


Administrator / Manager

Status: Offline
Posts: 2499
Date:
RealPlayer haunted by 'critical' security holes
Permalink   


If you still have the RealPlayer software on your machine, now might be a good time to uninstall it.   If you really need to keep it (why?), it’s definitely time to apply the latest update to avoid malicious hacker attacks.

RealNetworks has shipped a critical update to address multiple vulnerabilities, some serious enough to allow a remote, unauthenticated attacker to execute arbitrary code or obtain sensitive information.

Some raw details:

 

  • CVE-2010-2996: RealPlayer malformed IVR pointer index code execution vulnerability. Affected software: Windows RealPlayer 11.1 and prior.
  • CVE-2010-3002: RealPlayerActiveX unauthorized file access vulnerability. Affected software: Windows RealPlayer 11.1 and prior.
  • CVE-2010-0116: RealPlayer QCP files parsing integer overflow vulnerability. Affected software: Windows RealPlayer SP 1.1.4 and prior.
  • CVE-2010-0117: RealPlayer processing of dimensions in the YUV420 transformation of MP4 content vulnerability. Affected software: Windows RealPlayer SP 1.1.4 and prior.
  • CVE-2010-0120: RealPlayer QCP parsing heap-based buffer overflow vulnerability.
  • Affected software: Windows RealPlayer SP 1.1.4 and prior.

ZDnet has the article HERE!



__________________

http://www.mycomputerplayground.com
http://www.digitaldrama.net
http://www.thisrules.net


Administrator / Manager

Status: Offline
Posts: 2410
Date:
Permalink   

Haven't used RealPlayer for years!
no



__________________

Vindicated th_Worm.gif

Page 1 of 1  sorted by
 
Quick Reply

Please log in to post quick replies.

Tweet this page Post to Digg Post to Del.icio.us


Create your own FREE Forum
Report Abuse
Powered by ActiveBoard