On mySimon: Simple Green Biodegradable Cleaner
BNET Business Network:
BNET
TechRepublic
ZDNet
51 TalkBacks

By Robert Lemos
Posted on ZDNet News: Feb 5, 2004 8:43:00 PM

RealNetworks acknowledged on Wednesday that three flaws affecting different versions of its media player could allow attackers to create corrupt music or video files that, when played, take control of a victim's PC.

The flaws, found by U.K.-based Next-Generation Security Software, can affect RealNetworks' RealOne Player, RealOne Player version 2, RealPlayer 8, RealPlayer 10 Beta, and the company's RealOne Enterprise products. To exploit them, an attacker crafts the data in a media file in a certain way. When people play or stream the corrupted file in a vulnerable version of RealPlayer, the attacker's code will run, compromising the PC.


Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.

"By forcing a browser to a Web site containing such a file, code could be executed on the target machine running in the context of the logged-on user," stated an advisory posted by NGSSoftware.

The vulnerabilities may affect a large portion of the 350 million unique registered users of the media player software, but RealNetworks wouldn't say how many of those people use the vulnerable versions.

"We haven't had any reports of anyone having any issues," Erika Shaffer, a spokeswoman for the Seattle multimedia company, said on Thursday. "However, we take security very seriously and so wanted to get these fixes out."

The flaw can be exploited using a specially crafted media file, which can be one of five types: RealAudio (RAM) file, RealAudio Plugin (RPM) file, RealPix (RP) file, RealText (RT) file or synchronized multimedia integration language (SMIL) file.

Security vulnerabilities that can be exploited through playing a media file have been rare. Last May, a flaw in the way that Microsoft's Windows Media Player handled "skins," or interface colors and motifs, led the software giant to release a patch for that application.

RealNetworks has posted instructions on its Web site for people to update their RealPlayer software.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 51 Talkback(s)
That's a shame
You should read the emails, and then you would know that you're emails for fixes are for all of the apps also. If you do not have those apps installed then you don't need the fix.

What do you m... (Read the rest)
Posted by: Spoon Jabber Posted on: 04/09/04 You are currently: a Guest | | Terms of Use
RealPlayer has always been a piece of..  cybershoplifter | 02/05/04
You can stick it to MS  dg mh | 02/05/04
and get infected  pschroeder@... | 02/05/04
"Bwahahahaha"  Bobby Sskcat | 02/05/04
DID YOU EVEN *READ* THE ARTICLE?  pschroeder@... | 02/06/04
Did you check out the REAL site?  MarcB_z | 02/09/04
RealPlayer flaw infects windows PCs?  stephen732@... | 02/05/04
Thank you, Puma! "IT'S_THE_OS,_STUPID! " Windows, natch!  dicktaurus@... | 02/05/04
Yes, and I blame the road when my car crashes  billywill | 02/06/04
potholes, oil slicks, etal (nt)  ryusen | 02/06/04
Angry drivers cursing a road  FilledOut | 02/06/04
RE  Codedigital | 02/06/04
That's a shame  Spoon Jabber | 04/09/04
If it ain't mpeg, I'm not playing it  toomuchgreeatea@... | 02/05/04
Use Windows Media Player or Quicktime  Christian_<>< | 02/05/04
Yeah  Jose Jimenez | 02/05/04
QT security problems ?  Matthew Wengert | 02/05/04
Sure. Here's one.  joseb_z | 02/05/04
Quicktime security flaws..  middle of nowhere | 02/05/04
You're noticing the trend  KTLA | 02/05/04
Actually WMP has security AND spyware issues...  MarcB_z | 02/05/04
RE  Codedigital | 02/06/04
re  JWatson77 | 02/06/04
Re:  acetroubleshooter | 02/07/04
Security Issues in ALL software !!!!  bunnyman | 02/08/04
Windows Media Player!  bunnyman | 02/08/04
PCs? Which "PCs"be  MarcB_z | 02/05/04
Any PCs that run the Real Player  joseb_z | 02/05/04
All platforms supported by RealOne  Damon K | 02/05/04
Only if it runs windows....  Rick_K | 02/06/04
RE  Codedigital | 02/06/04
RE; RE:  Iain_Peters | 02/06/04
So..  vdraken | 02/06/04
One more time and I'll type s l o w l y  MarcB_z | 02/06/04
It mat be a flaw to Real but is a feature in WMP(nt)  nite_w0lf | 02/05/04
Nothing new, same ole Real  FilledOut | 02/05/04
A flaw in Real Player NOT Windows  Christian_<>< | 02/05/04
It's still Microsoft's fault  BruceWheelock@... | 02/06/04
How come only WINDOWS is affected?  MarcB_z | 02/06/04
RE  Codedigital | 02/06/04
Yeah right  MarcB_z | 02/09/04
re: A flaw in Real Player NOT Windows  Iain_Peters | 02/06/04
In other words...  MarcB_z | 02/06/04
Its just so sad.  Tammee | 02/06/04
...But ONLY on Windows  brenthawkinsmd | 02/06/04
only on windows  richhayes | 02/08/04
Only the WINDOWS version is exploitable! (NT)  MarcB_z | 02/09/04
right on wink  princessangry | 02/09/04
Darn Real, you coded it and flawed  FilledOut | 02/06/04
customers  FilledOut | 02/06/04
Codec Compromised?  OnexLivedGod@... | 02/06/04

What do you think?

advertisement
advertisement
Click Here

White Papers, Webcasts, and Downloads

SmartPlanet

  • Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
  • More from IBM
  • Innovate your business' process model, play against the market, compete against others on our scoreboards and WIN! Try INNOV8 2.0: A BPM Simulator
  • Enabling Real-World Business Transformation through IBM Service Management Read the EMA Analyst Report
Click Here