RealNetworks Reveals Exploit on RealPlayer 8
RealNetworks Inc.
The hole has been dubbed as "buffer overrun" and Cotter said there have been no reports that any user of that media player has been affected.
Tim Morgan, of Oregon, reported the issue to RealNetworks on Jan. 17, dubbing it a "medium" risk exploit.
Morgan said the Real Media file format contains a variety of strings in its header. By manipulating the way a file is formatted, it is possible to overflow memory buffers which store these strings. This could let an attacker run arbitrary code on a user's machine.
Though he claims he is no security expert, Morgan posted a detailed script of the exploit on his site ChickenSentinel.com here.
Cotter also said a fix will released by the end of day Friday via the RealPlayer AutoUpdate Service and for Enterprise
RealPlayer users here.
Friday alerted the public to a security exploit affecting RealPlayer 8 that could allow an attacker to run
arbitrary code on a victim's machine, according to company spokesperson Dave Cotter.