Digital media delivery firm RealNetworks has
issued a critical update to fix multiple security flaws in its media
player software.
The flaws, described by Secunia as “highly critical,” could allow
malicious hackers access to manipulate data or hijack a vulnerable
system. Affected software includes the RealOne Player, RealPlayer and
Helix Player.
RealNetworks said in an advisory
that users should apply fixes for all three affected products.
RealNetworks said the most critical flaw could allow an attacker to
create an RM (Real Media) file to corrupt the media player when run from
a local drive. A successful exploit might allow an attacker to execute
harmful code on a user’s machine, the company warned.
Attackers could also build a Web page with malformed calls to corrupt
the embedded player and download executable code on a vulnerable
machine.
A third flaw could allow malicious hackers to create a Web page and a
media file to allow the deletion of a file in a path known to the attacker,
RealNetworks explained.
It is the second time this year that RealNetworks has rushed out
patches to plug serious holes in its media player. In June, the company
released a fix for buffer overflows
in the RealPlayer that put millions of users at risk of a PC hijack.