Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Media Player Vulnerabilities Raise Control Issues

A format string error can occur when a malformed .rp or .rt file is clicked and RealPlayer or Helix Player are launched, according to a report by the French Security Incident Response Team (FrSIRT). Malicious attackers can take advantage of the error to gain remote control of users' computer systems. In June, FrSIRT identified and Real Networks created patches for four such flaws that affected Windows, Mac and Linux, but the team found more vulnerabilities in the Linux apps in late September, forcing the development of new patches.

Real Networks has reacted quickly to these remote execution threats and says it "takes security issues very seriously." But if it truly takes security seriously, it should offer users or IT departments the option to block embedded calls to outside Web sites. IT departments also could use some help from Real Networks with installing the patches. It's hard enough getting users to install operating system patches, let alone update their music and video software.