Applications

RealPlayer bug threatens Windows XP users

US-CERT warns of flaw in latest RealPlayer

By Robert McMillan | Published 08:29, 03 January 08

The US-CERT is warning computer users of a possible problem with the latest version of RealPlayer after a Russian security company claimed to have found a way to exploit a critical flaw in the multimedia software.

US-CERT (United States Computer Emergency Readiness Team) published its warning on Wednesday, the day after Gleg Ltd chief technology officer Evgeny Legerov announced the exploit code in a posting to the Daily Dave security discussion list.

Also in this channel

Zero-day vulnerabilities discovered in Flash PlayerResearchers release exploit for two zero-day remote code execution vulnerabilities in Flash Player >>
RealNetworks patches four critical bugs in multimedia player'Highly critical' flaws could allow local resources to be accessed >>
Microsoft struggles with vulnerability exploit predictions Why not use industry standards, says analyst >>
The most annoying apps on the webThe seven worst offenders exposed >>

Virtualisation, Big Data and BYOD

Check out our Business IT Hub for opinions and briefings. Read more

The flaw affects the latest version of RealPlayer (RealPlayer 11) running on Windows XP, service pack 2, according to Gleg. A Flash demonstration of the vulnerability has been posted to the Gleg website, but the company has not released its attack code or any technical details of the flaw.

Legerov discovered the flaw, called a stack overflow bug, during an audit of the RealPlayer source code.

Gleg sells 'penetration testing' software that can be used by security professionals to find holes in computer networks. The RealPlayer flaw was added to Gleg's VulnDisco SA software on December 16, which means that subscribers have had access to the code for more than two weeks. VulnDisco SA is sold as an add-on to Immunity's Canvas penetration testing platform.

There have been no reports of the code being released to the general public so far. US-CERT has not been able to study the exploit code and confirm that it works, said Art Manion, vulnerability analysis team leader at US-CERT.

Real is working to confirm whether the exploit code actually works, a company spokesman said.

US-CERT is doing the same thing, Manion said. In the meantime, RealPlayer users should be cautious. "If one wants to assume the most cautious possible stance, you don't use it," Manion said.

In October, criminals exploited another flaw in RealPlayer in order to sneak unauthorised software onto victim's computers. That bug has been patched.

Slideshows: Android apps for cloud administrators

Also in slideshows :

Access Computerworld on your mobile

Get the latest news & updates from Computerworld UK on the move. Find out more

Windows 8

Check out our latest articles on Microsoft's next-generation operating system.

Accelerate Your IT Efficiency

View the latest capacity management resources including whitepapers, videos and news.

Latest Slideshows

Click here to view all our slideshows.

Firefox faceoff - Nightly vs Pale Moon vs Waterfox

Three unofficial Firefox variants take advantage of 64-bit processors and 64-bit version of Windows 7

Facebook Timeline - Your complete guide

From making the switch to adjusting your privacy settings

How to Block Google Ads in Gmail

Don't like Google Ads? Here's how to adjust your settings and block advertisers

New Analytics: Enterprise BI models undergo radical transformation

'New analytics' provides access, tools directly to line-of-business users

How to set up Intel Smart Response SSD caching technology

We show you how to set it up and what kind of performance you can expect

iPad business apps every CIO should want

20 top iPad apps for sales forces, IT departments and more

Tesco speeds release of new online applications

Roll out of apps more automated

SAP president claims €1bn worth of in-memory business in the pipeline

Robert Enslin said that interest in SAP's HANA is particularly strong in China and Japan

UK Facebook hacker jailed for 8 months

IBM Watson mastermind says future computers will be constant learners

Mobile network 3 calls on government to lower Europe data roaming charges

Blogs

Agile adoption is a trip down the cone of uncertainty

One of the core principles of Agile is a realistic attitude about the unknown. We might have a rough idea of how much work it will take to complete a project, but we cannot state with the certainty of a...read more »

What's your Big Data score?

If you think the term "Big Data" is wishy washy waste, then you are not alone. Many struggle to find a definition of Big Data that is anything more than awe inspiring hugeness. But, Big Data is real if you...read more »

Open source: an emerging driver for mobile first strategy

The folks from Black Duck have published some interesting information on the use and growth of open source projects in the mobile space. Their data confirms that open source mobile projects are alive and well, even in the age...read more »

The new design-driven development landscape

In the not-too-distant past web-centric software development had a standard workflow between designers and developers. This was possible because there was a single delivery channel (the web browser) and well-established development constructs. Design patterns like Model-View-Controller had well known coding...read more »

more blogs ..

Cheap tablets sees Lenovo shipments grow in China

IT Business >>

Yahoo Axis launched as stand-alone mobile search app

Applications >>

EU data protection regulation and cookie law - Are you ready?

Security >>

Slideshows
White Papers
Videos
Newsletters

Login

Please login to ComputerworldUK.com

Forgot password?

Not a member yet?

Register for a Computerworld UK Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.
Register

HP Business Answers

Join the discussion today

The HP Business Answers group is a vibrant community of small and medium sized business owners and employees. HP provides independent and expert advice in fields such as design, branding, taxation, technology, marketing or manufacturing so join today to network with over 6500 like-minded professionals.

RealPlayer bug threatens Windows XP users

US-CERT warns of flaw in latest RealPlayer

Also in this channel

Related Articles

Most Popular in Applications

Editor's Pick

Blogs

Login

Not a member yet?

HP Business Answers

Join the discussion today

Read the most recent discussions

Sponsored Links »

Popular Topics »