ZDNet UK


RealNetworks pulls media player patch

Lisa M Bowman CNET News.com

Published: 27 Nov 2002 09:56 GMT


RealNetworks has pulled down a patch that aimed to fix flaws in its popular media player software after the developer who discovered the problems said the fix doesn't work.

The vulnerabilities, which appear in the streaming media company's RealOne Player and Real Player, could affect as many as 115 million users of the software worldwide.

RealNetworks posted a patch last week, but NGSSoftware engineer Mark Litchfield on Tuesday said he was able to easily work around the fixes by making relatively minor changes to his attacks on the software.

"Whatever they did is not sufficient," Litchfield said, adding that he's still working with the company on a better patch.

The three flaws could result in what's known as a "buffer overflow," a memory problem that could compromise security controls and theoretically allow an attacker to take control of a PC running the Real media player.

The intruder could exploit the security holes by encouraging unsuspecting PC users to download files with overly long file names or other distorted features, according to NGSSoftware, the security company that first discovered the flaws.

RealNetworks said that the problems were only theoretical at this point and that the discoverer of the security holes could not actually demonstrate how to exploit the bugs to take over a PC.

"We have not yet received reports of anyone actually being attacked with this exploit," RealNetworks said in a posting on its Web site.

NGSSoftware notified the Seattle-based streaming media company of the problems on 1 November, but kept the findings a secret until RealNetworks could post a patch for them. The UK-based security company sent its findings to the NTBugtraq mailing list after RealNetworks first said it fixed the flaws.

RealNetworks representatives did not immediately return calls seeking comment on the patch problems.

