RealOne Player needs patch against attackers
To its credit, RealNetworks released a patch for this hole on August 19 and a public advisory was sent out on August 27. If you have copies of any of the RealPlayer software mentioned above, I urge you to apply the patch immediately because a malicious SMIL file will play without any prompt (Yes or No) being displayed to the user. More info Significant Microsoft bulletins this week:
The top alert that I think you need to know about this week isn’t from Microsoft, it’s from RealNetworks. Versions of the company’s RealOne Player, RealOne Enterprise Desktop, and RealOne Desktop Manager, if unpatched, allow a malicious person to run code on a user’s PC if the user plays an audio SMIL file.
= Paid content
All Windows Secrets articles posted on 2003-09-04: