Karaoke Players
Vulnerabilities discovered in popular media players

Security vulnerabilities have been found in RealNetworks' RealPlayer and Apple Computer's QuickTime.

Both programs have security weaknesses which may allow someone to execute malicious code on a user's computer. Real Networks says an attacker could cause a heap corruption, which would allow code to be executed on a user's machine. The vulnerability is caused through a data-compression library within the RealPix component of the player. The security hole can be fixed by using an updated version of the data-compression library.

The following programs are affected by the hole: RealOne Player, RealOne Player v2 for Windows, RealPlayer 8 for Windows, RealPlayer 8 for Mac OS 9, RealOne Player for Mac OS X, RealOne Enterprise Desktop Manager and RealOne Enterprise Desktop .

Security firm iDefense claims Apple's QuickTime Player is vulnerable to a buffer overflow, but only when using the player on a Microsoft platform. A buffer overflow occurs when a program's memory is scrambled with a flood of information. Attackers can insert their own code or take over a machine by causing the overflow.

iDefense claims a URL containing 400 characters or more will cause a buffler overflow, allowing someone to take over a machine. QuickTime Player versions 5.x and 6.0 for Windows are said to be vulnerable to this exploit.

Apple recommends installing QuickTime 6.1 to overcome the problem.

© Friday, 4 April 2003 By Geoff Nicholson