![]() See RealPlayer Security Vulnerability for information about upgrading and patching RealPlayer. Note that the RealPlayer software does not need to be running for this vulnerability to be exploited.įor more information, please see US-CERT Vulnerability Note VU#871673. Macintosh and Linux versions of RealPlayer are not affected.īy convincing a user to view a specially crafted HTML document or HTML mail message, a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user on a vulnerable system. The ActiveX control was introduced in RealOne Player, so Windows versions of RealPlayer 8 and earlier are not affected. ![]() This vulnerability can be exploited using the IERPCtl ActiveX control, which effectively means that only Windows Internet Explorer users are affected. There are public reports that this vulnerability is being actively exploited. ![]() RealNetworks has released a patch for this vulnerability as described in RealPlayer Security Vulnerability. The IERPCtl ActiveX control is present in RealOne Player and later versions. RealPlayer does not adequately validate the playlist parameter passed from the ActiveX control, resulting in a stack buffer overflow vulnerability. RealPlayer for Microsoft Windows includes the IERPCtl ActiveX control, which can be used with Internet Explorer to import a local file into a playlist. RealNetworks RealPlayer is a multimedia application that allows users to view local and remote audio and video content.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |