Results 1 to 5 of 5

Thread: RealPlayer flaws open PCs up to hijackers

  1. #1
    Head Honcho Administrator Reverend's Avatar
    Join Date
    Apr 2002
    Location
    England
    Posts
    14,044

    RealPlayer flaws open PCs up to hijackers

    RealNetworks acknowledged on Wednesday that three flaws affecting different versions of its media player could allow attackers to create corrupt music or video files that, when played, take control of a victim's PC.

    The flaws, found by U.K.-based Next-Generation Security Software, can affect RealNetworks' RealOne Player, RealOne Player version 2, RealPlayer 8, RealPlayer 10 Beta, and the company's RealOne Enterprise products. To exploit them, an attacker crafts the data in a media file in a certain way. When people play or stream the corrupted file in a vulnerable version of RealPlayer, the attacker's code will run, compromising the PC. "By forcing a browser to a Web site containing such a file, code could be executed on the target machine running in the context of the logged-on user," stated an advisory posted by NGSSoftware.

    The vulnerabilities may affect a large portion of the 350 million unique registered users of the media player software, but RealNetworks wouldn't say how many of those people use the vulnerable versions. "We haven't had any reports of anyone having any issues," Erika Shaffer, a spokeswoman for the Seattle multimedia company, said on Thursday. "However, we take security very seriously and so wanted to get these fixes out."

    The flaw can be exploited using a specially crafted media file, which can be one of five types: RealAudio (RAM) file, RealAudio Plugin (RPM) file, RealPix (RP) file, RealText (RT) file or synchronized multimedia integration language (SMIL) file.

    RealNetworks has posted instructions on its Web site for people to update their RealPlayer software.

    c|net

    =========== Please Read The Forum Rules ===========

  2. #2
    all bets are off... TZ Veteran SupaStar's Avatar
    Join Date
    Jul 2002
    Location
    Australia
    Posts
    1,680
    Good think I keep away from RealPlayer. Hope no vulnerabilities are found for WinAMP!!

  3. #3
    Techzonez Governor Super Moderator Conan's Avatar
    Join Date
    Apr 2002
    Location
    Philippines
    Posts
    4,343
    I keep away from this software too!

  4. #4
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,852
    I have never liked Real Software, from the days that they install files everywhere and so hard to remove! These exploits only further justify the actions. I also hope Winamp is ok or even better doesnt get targetted!

    Conan, why dont you like winamp? what do you use, just WMP9??

    --- 0wN3D by 3gG ---

  5. #5
    Techzonez Governor Super Moderator Conan's Avatar
    Join Date
    Apr 2002
    Location
    Philippines
    Posts
    4,343
    Quote Originally Posted by cash_site
    Conan, why dont you like winamp? what do you use, just WMP9??
    Sorry I was referring to Realplayer. But I do use WMP9 mostly.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •