RealNetworks Reveals Exploit on RealPlayer 8

RealNetworks Inc. Friday alerted the public to a security exploit affecting RealPlayer 8 that could allow an attacker to run arbitrary code on a victim's machine, according to company spokesperson Dave Cotter.

The hole has been dubbed as "buffer overrun" and Cotter said there have been no reports that any user of that media player has been affected.

Tim Morgan, of Oregon, reported the issue to RealNetworks on Jan. 17, dubbing it a "medium" risk exploit.

Morgan said the Real Media file format contains a variety of strings in its header. By manipulating the way a file is formatted, it is possible to overflow memory buffers which store these strings. This could let an attacker run arbitrary code on a user's machine.

"As it turns out, RealPlayer blindly trusts the number in front of the string to indicate the true length of the string, and doesn't check to see if this number is smaller than the allocated buffer length," Morgan explained. "Thus, with certain strings, it is very easy to cause RealPlayer to crash consistently by making the two bytes in front of a string 0xFFFF."

Though he claims he is no security expert, Morgan posted a detailed script of the exploit on his site ChickenSentinel.com here.

Cotter also said a fix will released by the end of day Friday via the RealPlayer AutoUpdate Service and for Enterprise RealPlayer users here.