RealTime IT News

RealNetworks Patches Holes in The Music

Digital media company RealNetworks rolled out patches for a highly critical security flaw discovered in RealPlayer and other RealNetworks software, according to the company.

The vulnerability is a boundary error that could potentially allow the execution of malicious code, according to Danish security firm Secunia. It can be exploited by specially written WAV or SMIL files that cause buffer overflows that could have allowed attackers to execute arbitrary code to be run.

"RealNetworks has addressed recently discovered security vulnerabilities that offered the potential for an attacker to run arbitrary or malicious code on a customer's machine," RealNetworks officials said in a statement. "RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities."

The products affected include RealPlayer 8 and 10.x, RealOne Player 1 and 2, Helix Player 1 and RealPlayer Enterprise 1.x., according to the company.

Real Networks classified the holes as "critical" and recommended users install the available updates. Under Windows and Mac OS the update function of the Player can be used. Mac and Windows users should upgrade their players via the Check for Update menu, according to the company.

In related news, California-based security firm eEye Digital Security announced it discovered critical security vulnerabilities in Computer Associates licensing software.

Computer Associates said it released patches for the security flaws that concern buffer overflow vulnerabilities in its licensing software.

eEye Digital Security said the flaws affected several components of CA software on open source, Windows and Mac OS X platforms.

If exploited, the flaws could enable malicious third parties to run code on a compromised machine, according to the company.