On Sun, Mar 03, 2002 at 10:17:10PM +0100, Michiel Heijkoop wrote: > Hey, > > On Sat, Mar 02, 2002 at 09:16:53PM +0300, §ome1 wrote: > > http://127.0.0.1:1275/template.html?src=file://C:/music/file.ram > > from now realplay.exe will listen on port 1275 TCP > As the URL indicates, it's well possible that the webserver only listens to 127.0.0.1, which wouldn't make it a large security risk, unless its ran on an NT-machine under an admin-account and accessed by a regular user, which could then have read-access to files, he/she shouldn't have it to. Perhaps someone with Realplayer installed can check wether this miniserver is binding to all interfaces, or just the loopback? > Not just NT, this bug is present on the linux version as well (8.0-1). A quick check with this version reveals that it listens ONLY on the loopback (127.0.0.1) interface. Still, this could be a serious risk to multi-user systems.
