llbbl
11-27-2002, 04:42 PM
I know one person who wasn't happy to hear this news. I don't think I have the software installed so I'm not worried, but maybe you other 115 million users might have something to think about.
Three similar, though separate, flaws in RealPlayer (and its update RealOne) create a way for crackers to inject hostile code onto Windows boxes of victims induced to run maliciously constructed media files. In common with most buffer overflow flaws (which are typically attributable to programming errors), hostile code could execute in the security context of the logged-on user/victim.
All three flaws were discovered by NGS Software. It notified RealNetworks of the problem on November 1, and the company followed up with an advisory and security fixes on November 20.
Problem is - the fixes don't work.
http://www.theregister.co.uk/content/55/28308.html
Three similar, though separate, flaws in RealPlayer (and its update RealOne) create a way for crackers to inject hostile code onto Windows boxes of victims induced to run maliciously constructed media files. In common with most buffer overflow flaws (which are typically attributable to programming errors), hostile code could execute in the security context of the logged-on user/victim.
All three flaws were discovered by NGS Software. It notified RealNetworks of the problem on November 1, and the company followed up with an advisory and security fixes on November 20.
Problem is - the fixes don't work.
http://www.theregister.co.uk/content/55/28308.html