Athenæum

02/06/2004: Technologica Technologica

Real Player struck by massive security hole
from ISTS @ Dartmouth

Jouko Pynnanen and Mark Litchfield of NGSSoftware have discovered a vulnerability in the popular Real Player media program that could allow an attacker to run arbitrary code on a machine. Attackers can modify Real Media files (.rp, .rt, .ram, .rpm, and .smil) to exploit a buffer overflow; a user would only have to click a link that runs such a file to fall victim to the attack. The researchers informed Real Media of the flaw before disclosing it to the public so the company could develop a patch. The flaw affects nearly all of the company's media players. Users can update their players by clicking the "Check for Update" feature under "Tools." Most users turn off automatic updates due to Real Media's aggressive advertising.

Check out Real's security bulletin.