Menu
RealPlayer, Helix Player vulnerable to attack

RealPlayer, Helix Player vulnerable to attack

Updates are now available that fix critical vulnerabilities in RealPlayer and Helix Player, two versions of a popular multimedia player.

Users are being advised to upgrade to newer versions of the RealPlayer and Helix Player multimedia products because of a critical security flaw.

The flaw could allow an attacker to gain control over a user's PC using a buffer overflow vulnerability, a memory problem that can allow unauthorized code to run on a machine, according to iDefense Inc.

The vulnerability was discovered last October but publicly disclosed Tuesday on iDefense's Web site.

Affected versions of the software include the 10.5 "gold" RealPlayer and any 1.x version of Helix Player, according to the French Security Incident Response Team (FrSIRT).

FrSIRT categorised the problems as "critical," adding that a denial-of-service attack is also possible.

RealPlayer users should receive notification of a "critical update," advising them to upgrade to the beta version of a new release, version 11, said Lewis Webb [cq], a spokesman for RealNetworks Inc.. The new version can be downloaded from the RealPlayer Web site, although the site does not mention the security problem.

Current versions of Helix Player, an open-source version of RealPlayer, are available on its developer Web site, at https://player.helixcommunity.org/2005/downloads/

For a successful attack, a user would have to be tricked into downloading from a Web site a malicious SMIL (synchronised multimedia integration language) file, a format used in rendering media, iDefense said.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Kiwi channel debates GDPR as Reseller News Exchange hits Wellington

Kiwi channel debates GDPR as Reseller News Exchange hits Wellington

This exclusive Reseller News Exchange, in association with Arrow ECS ANZ, ForeScout and StorageCraft, went on the road to debate the early implications of GDPR in New Zealand, extracting opportunities while evaluating challenges for the channel in the year ahead.

Kiwi channel debates GDPR as Reseller News Exchange hits Wellington
Show Comments