Slashdot Mirror


Three Vulnerabilities Discovered in Real Player

prostoalex writes "British Next-Generation Security Software discovered three vulnerabilities in the popular Real Player. A malicious attacker can execute arbitrary code by offering a corrupted RealAudio stream. Real Networks posted the instructions on dealing with the security flaws."

10 of 286 comments

  1. Instructions by DarkHelmet · · Score: 5, Insightful
    Here are some nice instructions on how to deal with Real Player's security flaws:
    1. Click Start, go to Control Panel
    2. Click Add / Remove Programs
    3. Find the program entitled RealPlayer, and uninstall it
    4. Run Adaware to make sure any spyware they might have installed is no longer on your machine
    5. Convince people to use better alternatives

    I still hate RealPlayer. Any sort of file format that requires me to install the company's software to use I will eternally hate, regardless of who it is. I hate Real, and I hate Quicktime. I'd ask that they both die a slow miserable death, but I honestly want them both out of the way so that more open standards will take their place faster.

    --
    /^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
    1. Re:Instructions by myrdred · · Score: 2, Insightful

      Ack, it's people like you who give WMP its monopoly. People like you on whom Microsoft depends to use all the bundled software, since you are unwilling to download any alternatives!

    2. Re:Instructions by dbCooper0 · · Score: 2, Insightful
      I hate Real, and I hate Quicktime. I'd ask that they both die a slow miserable death, but I honestly want them both out of the way so that more open standards will take their place faster.

      I agree wholeheartedly. I had to install from an old copy of RP8 just to watch video from washingtonpost.com because of the inability of RP10 to install properly on my box. I consider myself lucky to have found the install file on another box in my office. They and QT both suck, but they are necessary evils to get the multimedia off the web that most of us have become accustomed to.

      To QT's credit, at least it doesn't default to hijack all my extensions to run with it, but it's still slow, annoying, and pisses me off. For AVI files, I've found that Crystal Player works best on my old, crusty PII machine, where MS's player as well as the Divx player are worthless as of the codecs v.4 and up.

      Screw real, but I still want my news videos (who watches TV, and if so, why?).

      --
      db
      Cig:
      ôô
      /`
  2. I love the disclaimer... by HermesHuang · · Score: 5, Insightful
    Warranty: While RealNetworks endeavors to provide you with the highest quality products and services, we cannot guarantee and do not warrant that the operation of any RealNetworks product will be error-free, uninterrupted or secure. See your original license agreement for details of our limited warranty or warranty disclaimer.
    Essentially, we don't guarantee our product works, but you should still pay us for it. Seems to be the philosophy of many software companies...
  3. Re:I miss Progressive Networks... by orthogonal · · Score: 4, Insightful

    So, I guess I'm not surprised that there's a "lazy programmer" style security flaw in their products today.

    Lazy programmer? Abashed, ashamed, depressed programmer is more like it.

    Real is so widely reviled -- by techies, hell, by anyone who has ever downloaded it -- that I'm sure a large number of Real's programmers are dispirited, depressed, and resentful that management turned what had been a reputation for technical innovation into a reputation for deceptive marketing practices.

    Once a programmer has dragged his ass into Real in the morning only to be told for the tenth week in a row to forget codec improvements, it's time to hide another five opt-out click boxes on a drop-down list at the bottom of narrow scroll pane behind a button on the third page on a fifteen page tab dialog, it's no surprise that even if he does get to patch the codecs, he won't be doing anything near his best work.

  4. Re:I miss Progressive Networks... by Anonymous Coward · · Score: 1, Insightful

    I'll provide as much fake data as they want to ask me for.

    and

    I can provide as much fake information as Yahoo asks for...

    You cannot provide a fake IP, at least without a fair amount of technical know-how and effort. Think that's not a problem? Ask the kids who got subpoenaed by the RIAA. Food for thought.

  5. "upgrade to the latest" strategy, no real patching by MMHere · · Score: 5, Insightful

    Real's approach has always been to have their latest & "greatest" software running on your PC. ("greatest" software is less well tested).

    So I run RealPlayer8 Basic when I need to. Their fix is to have me replace it with RealPlayer10 Gold? I don't wanna.

    I also don't like having to upgrade to a newer set of local softwares simply because the "file format" has changed. There aren't that many advances in formats/compression over time, and it seems to me that: new formats are released more frequently than necessary, thus "requiring upgrades" to new readers of said formats.

    (A) Patch the buggy apps you still support; don't make us install new (less well tested) software so often;

    (B) Don't tie the desire to distribute your latest code to [often] unnecessary media format changes.

    "I Sam thee to Dayton! (It's worse than Cleveland.)"

  6. Wrong by Anonymous Coward · · Score: 2, Insightful

    Real Alternative is a reverse-engineered program

    No, it's simply an ActiveX wrapper for the original Real DLLs, nothing is reverse engineered

    then it starts to be likely they stole the code
    from where ?
    even Real's pseudo-open-source helixcommunity.net the non important gui crap is open but the codecs (the important bit) are still very much closed source and binary format only, so no stealing code as there is none to steal

    so yes Real Alternative contains this flaw, but if you want to patch it by installing Real's new player then go right ahead, I am sure they will _love_ for you to install their new "secure" player (along with all its nagging/spyware infestation)

  7. Re:I miss Progressive Networks... by gnu-generation-one · · Score: 4, Insightful

    "I just don't get all you privacy freaks. Really, it doesn't take that much effort to lie to a few simple questions. Grow up"

    You lie to protect your privacy, yet verbally abuse those who take their own privacy seriously and dislike lying?

  8. The "Fix" is to upgrade to RealOne -- no thanks! by WD · · Score: 2, Insightful

    The only fact that allowed RealPlayer to remain on my system was that you didn't need to upgrade to the horrible, slow, ad-infested RealOne player. I've had no problem playing any "real" content with RealPlayer 8. It's not the best player, but compared to RealOne it is lean and mean.

    For people using RP8, the "fix" is to upgrade to the latest RealOne player (V2).

    Given those choices, I think any remaining RealPlayer users will choose to uninstall the software.