Macromedia, RealNetworks Release Patches

January 2, 2003

A pair of multimedia software companies -- Macromedia, Inc. and RealNetworks, Inc. -- has released patches for vulnerabilities in their respective products that may result in buffer overflows.

eEye Digital Security found a flaw that renders Macromedia Flash Players published prior to Dec. 12, 2002 vulnerable to attacks in which malformed Flash movies could cause a buffer overflow, potentially allowing an attacker to take over a target system. Macromedia notes the attack can occur only with movies edited by hand, with a binary editor; the company's Macromedia Flash authoring tool will not output such malformed movies.

Macromedia says it worked with eEye Digital Security to remedy the issue and has posted an updated player -- version 6,0,65,0 or later -- in its download center.

RealNetworks, meanwhile, says its Helix Universal Server version 9.0 (specifically, version contains three potential buffer overflow vulnerabilities. Each involves sending invalid streams of data to the server, ranging from malformed transport headers to very long URLs and invalid HTTP GET requests.

The company says it has yet to receive reports of any of the vulnerabilities being exploited in the field. On Dec. 19, RealNetworks released patches for all its actively supported server platforms. See here for details.
