August 15th, 2004, 01:38 AM
RealPlayer Unspecified Flaw Lets Remote Users Execute Arbitrary Code
From Zone H.org:
And here's some more information.
Date: Aug 12 2004
Impact: Execution of arbitrary code via network, User access via network
Advisory: eEye Digital Security
Description: A vulnerability was reported in RealPlayer. A remote user can execute arbitrary code.
eEye Digital Security reported that a remote user can cause arbitrary code to be executed on the target user's system with the privileges of the target user. The specific nature of the vulnerability was not reported.
Default installations are affected, the report said.
The vendor was notified on August 9, 2004.
The original notice is available at:
Impact: A remote user can execute arbitrary code on the target system with the privileges of the target user.
Solution: No solution was available at the time of this entry.
Vendor URL: www.real.com/
Cause: Not specified
August 15th, 2004, 01:48 AM
Oh that's just great..........
I get ONE piece of S/W I can really work with, and it gets this...........
As an aside. Is there any way of knowing how long they take to sort out, and release the update ?
And is the S/W at risk if you have your security set up running ? As opposed to Joe Public, who wouldn't know security if it bit them on the ass..........
55 - I'm fiftyfeckinfive and STILL no wiser,
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone
August 15th, 2004, 01:52 AM
The update I'm not too sure about nor really that last question. However, I don't think it's really at-risk that much if you have your security setup running. Like you said, opposed to Joe Public (my name's Joe, but not Public ) who wouldn't have security and would probably have the flaw and the risk at a higher level.