RealNetworks has issued an update to its RealPlayer media software, notes TechWorld. Real says the patch fixes four “exploits” — (1): To fashion a malicious MP3 file to allow the overwriting of a local file or execution of an ActiveX control on a customer’s machine. (2): To fashion a malicious RealMedia file which uses RealText to cause a heap overflow to allow an attacker to execute arbitrary code on a customer’s machine. (3): To fashion a malicious AVI file to cause a buffer overflow to allow an attacker to execute arbitrary code on a customer’s machine. (4): Using default settings of earlier Internet Explorer browsers, a malicious Web site could cause a local HTML file to be created and then trigger an RM file to play which would then reference this local HTML file.
