Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: Real Player critical patch for two vulnerabilities - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Real Player critical patch for two vulnerabilities
RealNetworks has issued a critical patch for two vulnerabilities reported by eEye. The vulnerabilities affect a large number of RealNetworks' applications.

eEye RealPlayer Zipped Skin File Buffer Overflow II
"A RealPlayer skin file (.rjs extension) can be downloaded and applied automatically through a web browser without the user's permission."

eEye RealPlayer Data Packet Stack Overflow
"By specially crafting a malformed .rm movie file, a direct stack overwrite is triggered, and reliable code execution is then possible."

RealNetworks Update to Address Security Vulnerabilities.


Patrick

193 Posts

Sign Up for Free or Log In to start participating in the conversation!