
Security Holes in RealPlayer, QuickTime

Published by: anonym 2008-11-22

Researchers are warning of serious security holes in two popular digital media players -- RealNetworks' RealOne and Apple's QuickTime -- that have put millions of systems at risk.

The vulnerabilities, which are not related, affect the way the media players read certain file types and could leave susceptible systems open to intrusion.

RealNetworks confirmed the security hole in its flagship media player, which has enjoyed widespread adoption among digital media enthusiasts. Affected versions of the player include the RealOne Player and RealOne Player v2 for Windows, RealPlayer 8 for Windows, RealPlayer 8 for Mac OS 9, RealOne Player for Mac OS X, RealOne Enterprise Desktop Manager and RealOne Enterprise Desktop.

The company said the Helix DNA Client was not affected by this vulnerability.

In an advisory, RealNetworks warned that a hacker could create a specifically corrupted Portable Network Graphics (PNG) file to cause heap corruption.

A successful exploit of the flaw would allow an attacker to execute arbitrary code on a user's machine, the company cautioned, noting that the vulnerability was due to the use of an older, vulnerable version of a data-compression library within the RealPix component of the Player.

"In addition to fixing the reported vulnerability, RealNetworks performed a review of all of the RealOne Player source code to identify other areas where this data-compression library is used. As a result of this review, several additional Player components have also been fixed, and are included in the provided updates," the company said, urging users to immediately install the updates to all the flawed media players.

Separately, security research firm iDefense warned of an exploitable buffer overflow in QuickTime, the media player owned by Apple Computer.

An alert warned that a URL containing 400 characters will overrun the allocated space on the stack, overwriting the saved instruction pointer (EIP) and opening the door for an attacker to redirect the flow of control and execute arbitrary code.

"Any remote attacker can compromise a target system if he or she can convince a user to load a specially crafted exploit URL. Upon successful exploitation, arbitrary code can be executed under the privileges of the user who launched QuickTime," the company said.

QuickTime Player versions 5.x and 6.0 for the Microsoft Windows platform are vulnerable, but QuickTime for MacOS did not contain the vulnerability, iDefense said. Apple has released QuickTime 6.1, which patches the flaws.
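
The class of bug described in the QuickTime alert, a URL copied into a fixed-size stack buffer without a length check, is shown below next to a bounded version. This is an added example, not code from QuickTime, Apple or iDefense; the buffer size, the function names and the sample URL are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define URL_BUF_LEN 256 /* assumed size; the article does not give the real one */

/* Unsafe pattern: copies up to the NUL byte with no regard for dst's size.
 * A URL longer than the buffer runs past it into the saved frame data.
 * Shown for contrast only; nothing in this example calls it. */
void copy_url_unchecked(char *dst, const char *url)
{
    strcpy(dst, url);
}

/* Hardened form: measure first and reject over-length input outright rather
 * than truncating it (a truncated URL could silently name another resource).
 * Returns 0 on success, -1 on rejection; dst is left as an empty string
 * whenever the input is rejected. */
int copy_url_checked(char *dst, size_t dst_len, const char *url)
{
    const char *end;

    if (dst == NULL || dst_len == 0)
        return -1;
    dst[0] = '\0';
    if (url == NULL)
        return -1;
    end = memchr(url, '\0', dst_len); /* scans at most dst_len bytes */
    if (end == NULL)                  /* no terminator fits: reject */
        return -1;
    memcpy(dst, url, (size_t)(end - url) + 1);
    return 0;
}

/* Hypothetical caller holding the fixed stack buffer.
 * Returns the accepted URL's length, or -1 if the URL was rejected. */
int handle_url(const char *url)
{
    char buf[URL_BUF_LEN];

    if (copy_url_checked(buf, sizeof buf, url) != 0)
        return -1;
    /* a player would go on to parse buf here */
    return (int)strlen(buf);
}
```
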



