RealNetworks Inc.’s media player software contains vulnerabilities that could let an attacker take control of a PC on which the software is used to download multimedia files, the company confirmed this week.

Corrupt files posing as normal music and video files could allow an attacker to gain control of the downloader’s computer, although RealNetworks stressed in a statement that, as far as it is aware, this has not yet happened.

There are three vulnerabilities: files could be created that will open a Web site on the user’s browser, from where remote Javascript can be operated, files could be created that let the attacker download and use their code on a user’s machine, or media files can be created that will create buffer overrun errors.

The problems have been fixed, and users are advised to download updates from the company’s site, it said.

View: Complete article at InfoWorld
News source: InfoWorld