Approximate time to read: 2 minutes
A recent post on a computer forum..
I have a pop up box that tells me that it wants to install an upgrade.RealNetworks has identified a security risk in RealPlayer that may make your computer vulnerable to viruses and malware. RealNetworks has issued a fix and it is highly recommended that you download it at this time.
The vulnerability has been identified as a malicious Web page which affects the import method of an Active X control to cause a stack overflow in the RealPlayer. CVE-2007-5601. This posting is applicable to versions of the product downloaded before October 25th, 2007.
There is then a link that promises more information.
I’ve had no problems using Real Player. Is this genuine or is somebody out to get me?
Now, if I’d had a chance to get their first, I’d have suggested he stop being so paranoid and run it. The same forum is full of people scared about security issues – here is a Real pop-up box telling them to install a critical update to protect them. And they don’t want to.
This was closely followed up with…
Real’s own site mentions upgrades, but when i asked for information on the 26th October upgrade none was available. As I’ve had no trouble with it I think I’ll stay with the version I’ve got.
Arrrgghhhh. Well I hope he gets hit by the vulnerability.
As I’ve said before the paranoia about computer security is at absolutely epic proportions, but a little common sense is all it takes. Why bitch and complain about PC’s being unsecure when you won’t install critical security updates? More often than not, the people on these forums are even too paranoid to run automatic Windows updates. Personally, I wish there was an option to automatically install non-urgent updates to Windows as well.
But maybe that’s just me.