http-equiv has discovered a vulnerability in RealPlayer, which can be exploited by malicious people to bypass certain security restrictions.
The problem is that RealMedia ".rm" files can open local files in the built-in browser. This can be exploited, for example by a malicious website, to load a local HTML document in a local context via a specially crafted RealMedia file.
Exploit code has been published which combines this vulnerability with a publicly
known vulnerability in Microsoft Internet Explorer to compromise a user's system,
see:
http://www.securityteam.us/article.php/20050110083930650
The vulnerability has been confirmed on version 10.5 (build 6.0.12.1056). Other
versions may also be affected.
SOFTWARE:
RealPlayer 10.x
SOLUTION:
Don't open untrusted ".rm" files and restrict ".rm" files from being opened
automatically from within browsers.
PROVIDED AND/OR DISCOVERED BY:
http-equiv
VERIFY ADVISORY:
http://secunia.com/advisories/14087/
Secunia Security Advisories