Published in News
Realplayer baffled over zero-day flaw claim
Gleg refuses to spill the beans
Months after it first revealed a zero-day flaw in Real Player, Russian security company Gleg is refusing to tell anyone how to fix it.
According to Daniweb, Gleg's Evgeny Legerov revealed the zero-day exploit but seems unwilling or unable to provide the necessary data to allow the alleged gaping security hole to be patched. Gleg has been approached several times by RealNetworks and CERT, but has only posted a video showing the heap overflow/code execution exploit in action.
The company is being hounded by others in the IT industry for not handing over details. It means that Gleg customers get client side exploit information before the vendor can patch it. Legerov claims that the exclusivity is required so that his customers can better understand the level of risk that they face.