Real To Close Security Hole in RealPlayer
Source: NewsBytes
RealNetworks [NASDAQ:RNWK] will release a patch for a security flaw in its RealPlayer 8 software that could allow a rogue site to crash the player and potentially execute malicious code.
According to a company spokesperson, the patch will correct a buffer overflow bug reported to RealNetworks last week by Tim Morgan, an Oregon-based security expert. The media firm will distribute the patch to users through its automatic update service beginning Friday.
The RealPlayer 8 is used by millions of Internet media fans to play a variety of audio and video file types, including proprietary formats developed by RealNetworks. The player is installed on 90 percent of all home PCs in the U.S., according to the company.
By altering the header information in Real media files, it is possible to overflow the player's memory buffers and cause it to crash, Morgan discovered. As a demonstration, Morgan posted at his site a modified version of a sample media file that ships with the RealPlayer.