US-CERT Alert: Multiple Buffer Overflow Vulnerabilities in RealNetworks, Inc.'s Products
April 5, 2006 -- US-CERT is aware of multiple vulnerabilities in RealNetworks, Inc.'s products. Each of these vulnerabilities may result in a buffer overflow within RealPlayer that could allow a remote attacker to execute arbitrary code.
These vulnerabilities can be exploited by convincing a user to:
* access a web page that references a specially crafted Flash (SWF) file
* access a web page that references a specially crafted mimio boardcast (MBC) file
* access a RealMedia file embedded in a web page hosted on a malicious server
More information can be found in the following:
* US-CERT Vulnerability Note: VU#231028 - RealNetworks RealPlayer vulnerable to buffer overflow via a specially crafted flash media file
* US-CERT Vulnerability Note: VU#451556 - RealNetworks RealPlayer vulnerable to buffer overflow via specially crafted MBC file
* US-CERT Vulnerability Note: VU#172489 - Numerous RealNetworks products fail to properly handle chunked data
* RealNetworks, Inc.: March 22, 2006 Security update
US-CERT recommends the following actions to mitigate the security risks:
* Apply the patches supplied in the RealNetworks Security Update for March 2006.
* Disable the RealPlayer ActiveX control in Microsoft Internet Explorer.
* Disable the RealPlayer Plugin in other web browsers.
* Do not visit unknown or untrusted websites and do not follow suspicious links.
US-CERT encourages users to apply the appropriate updates, patches, or fixes as soon as possible.
Source: US-CERT