After Hours

Critical flaw in RealPlayer and Flash, warns US-CERT

US-CERT has issued a warning concerning an unpatched vulnerability in RealPlayer and a flaw affecting Flash files.

US-CERT has issued a warning concerning an unpatched vulnerability in RealPlayer and a flaw affecting Flash files.

An excerpt from Register:

A flaw in RealPlayer 11 build 6.0.14.748 might be used to inject hostile code onto Windows boxes running the software, security notification firm Secunia warns. Other versions of the media player software may also be vulnerable.

The vulnerability is caused by a stack overflow, and the link above also provides a flash demo. There was another warning issued concerning a vulnerability in Flash that allowed the execution of remote cross site scripting attacks.

More information:

US-CERT Warns of Flaw in Latest RealPlayer (TMCnet)

Critical vulnerability in RealPlayer (Heise Security)

RealPlayer Unspecified Buffer Overflow Vulnerability (Secunia)

US-CERT warns of RealPlayer exploit (SC Magazine)

Editor's Picks