Security threats Toolkit

RealNetworks fixes security glitches

Joris Evers CNET News.com

Published: 24 Jun 2005 09:45 BST

Several security holes in RealNetworks' widely used media player software could put PCs at risk of attack, the company has warned.

Four vulnerabilities in RealPlayer have been discovered, the most serious of which could allow an intruder to gain control of a computer, RealNetworks said in a security notice posted on Thursday. Software updates are now available to plug the holes, the company said.

Security experts from the French Security Incident Response Team, or FrSIRT, labelled the problems as 'critical' -- the highest rating -- in an alert issued on Thursday.

The problems exist in current and some older releases of RealPlayer, and they affect versions for Windows as well as Mac OS and Linux, RealNetworks said. In addition, one of the newly patched bugs also is found in Rhapsody 3, the software used in RealNetworks' music service.

Three of the four flaws could be exploited using a malicious media file, RealNetworks said. Specially crafted RealMedia and AVI files could allow an attacker to take over a user's computer, while a malicious MP3 file could be used to overwrite local files or execute ActiveX controls, it said.

To take advantage of the fourth flaw, a hacker would need to build a malicious Web site. However, the attack would require the user to be running earlier versions of Internet Explorer with standard settings on the computer, RealNetworks said.

To see which products are affected and to download updated versions, click here.