‘Critical’ RealPlayer Holes Patched

Digital media delivery firm RealNetworks has issued a major update to its flagship media player to plug three security holes that could potentially put millions of users at risk of system takeover.

The Seattle-based RealNetworks Thursday confirmed the three exploits in an advisory and warned that the newest RealPlayer 10 was also vulnerable to one of the security bugs.

The flaws, discovered by NGSSoftware, include boundary errors when parsing “.RP”, “.RT”, “.RAM”, “.RPM”, and “.SMIL” files. RealNetworks warned that a successful exploit could cause buffer overflows via specially crafted files hosted on a malicious Web site.

The company also fixed an unspecified error in the handling of “.RMP” files can be exploited to download and execute arbitrary code on a user’s system and an input validation error in the handling of “.SMIL” and other files can be exploited to conduct cross-site scripting attacks.

Security research firm Secunia has classified the flaws as “highly critical.”

Affected software include RealPlayer 8, RealPlayer 10 Beta, RealOne Player, RealOne Player v2, RealOne Enterprise Desktop and RealPlayer Enterprise (all language versions, all platforms).

It is not the first time security vulnerabilities have been detected in the Real’s popular media players, which has been downloaded by more than 200 million users worldwide. Last April, the company issued a fix for a flaw in RealPlayer that could allow a malicious hacker to create a specifically corrupted Portable Network Graphics (PNG) file to cause heap corruption.

Before that, the company released a patch to fix a buffer overrun flaw in the RealPlayer 8 software.

Apple’s QuickTime and Microsoft’s Windows Media Player have also been vulnerable to malicious attacks in the past.