iDefense is warning users of several critical vulnerabilities in several versions of its online media application, RealPlayer, that could open the door for a remote code execution attack on both Windows and Mac systems, according to iDefense Labs security blog.
Altogether, the vulnerabilities affect RealPlayer, an application for playing online media files, in Windows versions 11.0 through 11.0.4, Windows 10.5, Mac RealPlayer 10, RealPlayer 10.1.0.3830 on Linux.
One of the critical vulnerabilities is a buffer overflow issue within RealPlayer when it handles compressed GIF files. Specifically, the error occurs in the CGIFCodec::InitDecompress() function and could lead to heap corruption, which can pave the way for attackers to execute malicious code remotely.
If exploited, an attacker could launch malicious code on a user's system by enticing a victim into opening an RTSP (Real Time Streaming Protocol) stream. Once the victim opened the stream, the attack would inject a malformed compressed GIF image into a RTSP stream, launching malicious code onto the user's system.
Read the full article at CRN.com
 |
 |
 |
 |
 |