Critical Flaw In Realplayer, Firefox Fixes


Recommended Posts

Critical Flaw in RealPlayer, Firefox Fixes

Erik Larkin

A serious flaw in the RealPlayer media player from RealNetworks could allow an attacker to take control of a victim PC if you open a poisoned movie file, or even just preview it in Windows Explorer, according to a new notice from Fortinet.

The hole in RealPlayer 11 involves the way the program processes Internet Video Recording, or IVR, files. And according to the notice, you wouldn't have to actually open a downloaded, malicious movie to get hit: "A successful attack could take place by merely previewing the IVR file through Windows Explorer."

No word on real-world attacks, thankfully, but there's also no mention of an available patch from RealNetworks. So you can either be extra careful with movie file downloads or uninstall RealPlayer until there's a fix. I'll update this post if I hear back from RealNetworks about any available patch or workaround.

Also, if you use Firefox, be sure you've picked up the 3.0.6 update released earlier this week. Along with stability fixes, the update closes six security holes, one of which could allow an attacker to remotely install malicious software. Click Help | Check for Updates to make sure you've got the fix.

PC World - http://www.pcworld.com/article/159102/crit...efox_fixes.html

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...