Slashdot Mirror

← Back to Stories (view on slashdot.org)

Three Vulnerabilities Discovered in Real Player

Posted by CowboyNeal on from the playing-for-a-fool dept.

prostoalex writes "British Next-Generation Security Software discovered three vulnerabilities in popular Real Player. A malicious attacker can execute arbitrary code by offering corrupted RealAudio stream. Real Networks posted the instructions on dealing with security flaws."

8 of 286 comments (clear)

  1. I miss Progressive Networks... by LostCluster · · Score: 4, Interesting

    When the company was called Progressive Networks, they put out some of the most revolutionairy software on the Internet... software that could make decent sounding realtime talk radio streams with just 14.4kbps of modem bandwidth to work with. When 28.8kbps modems came out, they came up with a codec good enough for most FM radio stations...

    But, oh how the mighty have fallen. The RealNetworks of today stopped advancing their audio protocols long ago, and have sense been lapped by the field of other audio standards. Now, RealNetworks is more of a content company, selling "-Pass" products that create monthly fees to access streams that used to be free.

    So, I guess I'm not surprised that there's a "lazy programmer" style security flaw in their products today. They stoped being a tech innovator, and have slid over into the category of a content pusher. Oh well... another .com bites the dust.

    1. Re:I miss Progressive Networks... by wankledot · · Score: 5, Interesting
      Very well said.

      It's very sad for me to see what's happened to Real. I worked there for over a year recently, and I really wish they could turn things around move back to what they did well back in the day.

      They need to:
      1) fire the entire marketing team. They're horrible
      2) lose any of the quick-money things they do (ads, tricking people into paying for the Plus player or *pass accounts) and focus on rebuilding a quality user base.
      3) Throw away all the 325 million customer records they have, and stop the spam.
      4) Own up to the fact that most people hate them, and the only users that don't have a problem with Real are the ones that don't know them well enough yet. You can only burn so many users until they come back to burn you.

      The saddest thing is that the people who work there genuinely care. They are really talented, and they all know what they SHOULD be doing in order to succeed. Especially the people that work on the actual player. But things can't change until the word comes down from the top. Rob needs to have an epiphany and turn the ship around fast, otherwise they'll be selling what's left to Sony and AOL.

      --
      My sig is blank, I typed this by hand.
  2. The fine print by Anonymous Coward · · Score: 4, Interesting

    "we cannot guarantee and do not warrant that the operation of any RealNetworks product will be error-free, uninterrupted or secure."

    Thanks, I needed that.

  3. Yet another reason to not use it, and use this... by saskboy · · Score: 4, Interesting

    Real Alternative in Media Player Classic. The version I use on XP has some flaws, but it is better than nothing, and I hope doesn't have the same flaws as the REAL Real Player?

    --
    Saskboy's blog is good. 9 out of 10 dentists agree.
  4. Conspiracy by Anonymous Coward · · Score: 4, Interesting

    here's an idea.

    say you have just written a nice little piece of "value-adding" code, say you work at Real, say your boss likes it and would like for every Real customer to have it.

    Both of you would know that a person like me keeps Real Player on my computer only for those "must have real" moments and want nothing further to do with Real.

    Well, well, well, how can they get me to "upgrade" to their new "spyware" (tin foil here)? That's right - hire a 3rd party to "find" very, very nasty bugs...then claim to have THE SOLUTION!!!! Get the NEW version....with the crapware!!!
    br.horyryaryyaryaryyy!!!

  5. Re:Instructions by MoonFog · · Score: 4, Interesting

    For some time RealPlayer was the only "free" plug-in to support SMIL. Fortunately, we now have Ambulant.

    There are still, like you mentioned, several places which offer .rm formats to view their contents. Annoying, but then again, it appears only Quicktime and WMV are the alternatives.

  6. Your Alternative is ... by Poligraf · · Score: 4, Interesting

    ... Microsoft Monopoly.

    The thing is that Real does not have a source of income. Thus, they need to squeeze pennies out of every possible opportunities often not playing nicely (I mean charging for crap, ads and SPAM).

    At the same time, every format owner is trying to make his one a default. Not supporting Real means that their "commercial" format will die causing all contents providers switch to .WMV that looks like "the default choice" for many.

    It is the repetition of the browser wars.

    BTW, I avoid most of their crap by using older version (revision 6.0.6) of the RealPlayer.

    --
    Tigers respect lions, elephants and hippos. Maggots respect no one. (C) S. Dovlatov
  7. Helix? by loconet · · Score: 4, Interesting

    Hey question for you guys, I've seen a lot of negative comments about Real, most of which are understandable as I myself until recently refused to install their bloated software.

    Anyone familiar with the Helix project (www.helixcommunity.org)?

    From the website:


    The Helix community is a collaborative effort among Real, independent developers, and leading companies to extend the Helix DNA(TM) platform, the first open multi-format platform for digital media creation, delivery and playback. The Helix DNA platform is comprised of the following:

    * Helix DNA Client
    * Helix DNA Producer
    * Helix DNA Server
    * RealAudio and RealVideo codecs

    I'm not too familiar with it but is it a step in the right direction for a company that once used to be on the cutting edge of digital media and now is trying to get back in the game? Or is it just another one of their corporate blood sucking tacticts? What are your thoughts?

    --
    [alk]