Digital media company RealNetworks
rolled out patches for a highly critical security flaw discovered in
RealPlayer and other RealNetworks software, according to the company.
The vulnerability is a boundary error that could potentially allow the execution of malicious code,
according to Danish security firm Secunia. It can be exploited by
specially written WAV or SMIL files that cause buffer overflows, which could allow attackers to execute arbitrary code.
“RealNetworks
has addressed recently discovered security vulnerabilities that offered the
potential for an attacker to run arbitrary or malicious code on a customer’s
machine,” RealNetworks officials said in a statement. “RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities.”
The products affected include RealPlayer 8 and 10.x, RealOne Player 1
and 2, Helix Player 1 and RealPlayer Enterprise 1.x, according to the
company.
RealNetworks classified the holes as “critical” and recommended users
install the available updates. Under Windows and Mac OS, users can
upgrade their players through the Player's update function, via the
Check for Update menu, according to the company.
In related news, California-based security firm eEye Digital Security
announced it discovered critical security vulnerabilities in Computer
Associates licensing software.
Computer Associates said it released patches for the
security flaws that concern buffer overflow vulnerabilities in its licensing
software.
eEye Digital Security said the flaws affected several components of CA
software on open source, Windows and Mac OS X platforms.
If exploited, the flaws could enable malicious third parties to run code
on a compromised machine, according to the company.