Menu
RealPlayer, Helix Player vulnerable to attack

RealPlayer, Helix Player vulnerable to attack

Updates are now available that fix critical vulnerabilities in RealPlayer and Helix Player, two versions of a popular multimedia player.

Users are being advised to upgrade to newer versions of the RealPlayer and Helix Player multimedia products because of a critical security flaw.

The flaw could allow an attacker to gain control over a user's PC using a buffer overflow vulnerability, a memory problem that can allow unauthorized code to run on a machine, according to iDefense Inc.

The vulnerability was discovered last October but publicly disclosed Tuesday on iDefense's Web site.

Affected versions of the software include the 10.5 "gold" RealPlayer and any 1.x version of Helix Player, according to the French Security Incident Response Team (FrSIRT).

FrSIRT categorised the problems as "critical," adding that a denial-of-service attack is also possible.

RealPlayer users should receive notification of a "critical update," advising them to upgrade to the beta version of a new release, version 11, said Lewis Webb [cq], a spokesman for RealNetworks Inc.. The new version can be downloaded from the RealPlayer Web site, although the site does not mention the security problem.

Current versions of Helix Player, an open-source version of RealPlayer, are available on its developer Web site, at https://player.helixcommunity.org/2005/downloads/

For a successful attack, a user would have to be tricked into downloading from a Web site a malicious SMIL (synchronised multimedia integration language) file, a format used in rendering media, iDefense said.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

New Zealanders kick-started EDGE 2018 with a bout of Super Rugby before a dedicated New Zealand session, in front of more than 50 partners, vendors and distributors on Hamilton Island.‚Äč

EDGE 2018: Kiwis kick back with Super Rugby before NZ session
EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018 kicked off with a dedicated New Zealand track, highlighting the key customer priorities across the local market, in association with Dell EMC. Delivered through EDGE Research - leveraging Kiwi data through Tech Research Asia - more than 50 partners, vendors and distributors combined during an interactive session to assess the changing spending patterns of the end-user and the subsequent impact to the channel.

EDGE 2018: Kiwis assess key customer priorities through NZ research
Show Comments