RealNetworks Inc. Friday alerted the public to a security exploit affecting RealPlayer 8 that could allow an attacker to run
arbitrary code on a victim's machine, according to company spokesperson Dave Cotter.
The hole has been dubbed as "buffer overrun" and Cotter said there have been no reports that any user of that media player has been affected.
Tim Morgan, of Oregon, reported the issue to RealNetworks on Jan. 17, dubbing it a "medium" risk exploit.
Wave 906::
on the Internet, said Rob Glaser, chairman and CEO, RealNetworks, Inc. · More than 8 million RealPlayer G2 players have been downloaded in 3 months.
http://www.wave-report.com/1998_Wave_issues/wave906.htmlHOME |
Morgan said the Real Media file format contains a variety of strings in its header. By manipulating the way a file is formatted, it is possible to overflow memory buffers which store these strings. This could let an attacker run arbitrary code on a user's machine.
Real reveals six new bugs in RealPlayer - Mac software - Macworld UK::
RealNetworks said that the most up-to-date Windows editions of RealPlayer 10.5 also can be exploited on Mac and Linux machines that have RealPlayer installed.
http://www.macworld.co.uk/macsoftware/news/index.cfm?RSS&NewsID=19503HOME |
"As it turns out, RealPlayer blindly trusts the number in front of the string to indicate the true length of the string, and doesn't check to see if this number is smaller than the allocated buffer length," Morgan explained. "Thus, with certain strings, it is very easy to cause RealPlayer to crash consistently by making the two bytes in front of a string 0xFFFF."
Though he claims he is no security expert, Morgan posted a detailed script of the exploit on his site ChickenSentinel.com here.
Cotter also said a fix will released by the end of day Friday via the RealPlayer AutoUpdate Service and for Enterprise
RealPlayer users here.
 Macromedia JRun Finds Harmony with J2EE 1.3
 Apache 1.3.23 Hits the Web
|
