[23991] in bugtraq
Potential RealPlayer 8 Vulnerability
daemon@ATHENA.MIT.EDU (Dave Cotter)
Fri Jan 25 15:05:11 2002
Message-Id: <5.0.0.25.0.20020124221802.0551b1b0@mail.real.com>
Date: Thu, 24 Jan 2002 23:04:08 -0800
To: BUGTRAQ@securityfocus.com
From: Dave Cotter <dcotter@real.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
On January 17th, 2002, a security exploit affecting RealPlayer 8 was
brought to the attention of RealNetworks. The specific exploit, commonly
known as a "buffer overrun", could allow an attacker to run arbitrary code
on a victim's machine.
We have not yet received reports of anyone actually being attacked with
this exploit, however, a fix will be made available by end of day Friday
via the RealPlayer AutoUpdate Service, and for Enterprise RealPlayer users
at: http://www.service.real.com/help/faq/security/index.html.
RealNetworks would like to thank Tim Morgan for reporting this issue to us
and working with us to protect customers from unauthorized access to
sensitive or proprietary information.
