Published in News

Realplayer baffled over zero-day flaw claim


Image

Gleg refuses to spill the beans


Months
after it first revealed a zero-day flaw in Real Player, Russian security company Gleg is refusing to tell anyone how to fix it.

According to Daniweb, Gleg's Evgeny Legerov revealed the zero-day exploit but seems unwilling or unable to provide the necessary data to allow the alleged gaping security hole to be patched. Gleg has been approached several times by RealNetworks and CERT, but has only posted a video showing the heap overflow/code execution exploit in action.

The company is being hounded by others in the IT industry for not handing over details. It means that Gleg customers get client side exploit information before the vendor can patch it. Legerov claims that the exclusivity is required so that his customers can better understand the level of risk that they face.

More here.
Last modified on 11 February 2008
Rate this item
(0 votes)