Slashdot Mirror

← Back to Stories (view on slashdot.org)

Three Vulnerabilities Discovered in Real Player

Posted by CowboyNeal on from the playing-for-a-fool dept.

prostoalex writes "British Next-Generation Security Software discovered three vulnerabilities in popular Real Player. A malicious attacker can execute arbitrary code by offering corrupted RealAudio stream. Real Networks posted the instructions on dealing with security flaws."

3 of 286 comments (clear)

  1. Instructions by DarkHelmet · · Score: 5, Insightful
    Here are some nice instructions on how to deal with Real Player's security flaws:
    1. Click Start, go to Control Panel
    2. Click Add / Remove Programs
    3. Find the program entitled RealPlayer, and uninstall it
    4. Run Adaware to make sure any spyware they might have installed is no longer on your machine
    5. Convince people to Use better alternatives

    I still hate RealPlyaer. Any sort of file format that requires me to install the company's software to use I will eternally hate, regardless of who it is. I hate Real, and I hate Quicktime. I'd ask that they both die a slow miserable death, but I honestly want them both out of the way so that more open standards will take their place faster.

    --
    /^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
  2. I love the disclaimer... by HermesHuang · · Score: 5, Insightful
    Warranty: While RealNetworks endeavors to provide you with the highest quality products and services, we cannot guarantee and do not warrant that the operation of any RealNetworks product will be error-free, uninterrupted or secure. See your original license agreement for details of our limited warranty or warranty disclaimer.
    Essentially, we don't guarantee our product works, but you should still pay us for it. Seems to be the philosophy of many software companies...
  3. "upgrade to the latest" strategy, no real patching by MMHere · · Score: 5, Insightful

    Real's approach has always been to have their latest & "greatest" software running on your PC. ("greatest" software is less well tested).

    So I run RealPlayer8 Basic when I need to. Their fix is to have me replace it with RealPlayer10 Gold? I don't wanna.

    I also don't like having to upgrade to a newer set of local softwares simply because the "file format" has changed. There aren't that many advances in formats/compression over time, and it seems to me that: new formats are released more frequently than necessary, thus "requiring upgrades" to new readers of said formats.

    (A) Patch the buggy apps you still support; don't make us install new (less well tested) software so often;

    (B) Don't tie the desire to distribute your latest code to [often] unnecessary media format changes.

    "I Sam thee to Dayton! (It's worse than Cleveland.)"