RealPlayer for Linux has Zero-Day vulnerability

RealPlayer for Linux has Zero-Day vulnerability

Now, Linux software is showing the kind of security risks, which are more frequent with the Windows, based applications. However, the issues are limited to just two applications as per the information released in the media. Linux versions of RealNetworks’ popular RealPlayer and Helix Player are vulnerable to this particular issue popularly known as the zero-day vulnerability and it could potentially open a system to allow attackers to execute commands remotely.

A hacker can execute a script remotely on a Linux system if he manages to convince the user to open a malformed .rp (realpix) or .rt (realtext) file. These formats are RealNetworks’ own specified file formats and are played by RealPlayer and Helix. Most likely situation is to entice the users to open these files through a web browser by visiting a website.

French security firm FrSIRT rates the Linux-only vulnerability as “critical” considering the exploit code has been published on the internet and a patch has not yet been posted by RealNetworks. The people responsible for the code release on the internet have said that they had informed the company about the bug before releasing the exploit code on the internet.

RealNetworks has for now not released a patch and advices the users to avoid opening files from unknown and unverified sources.