RealNetworks Reveals Exploit on RealPlayer 8

RealNetworks Inc. Friday alerted the public to a security exploit affecting RealPlayer 8 that could allow an attacker to run arbitrary code on a victim’s machine, according to company spokesperson Dave Cotter.


The hole has been described as a “buffer overrun,” and Cotter said there have been no reports that any user of that media player has been affected.


Tim Morgan, of Oregon, reported the issue to RealNetworks on Jan. 17, dubbing it a “medium” risk exploit.


Morgan said the Real Media file format contains a variety of strings in its header. By manipulating the way a file is formatted, it is possible to overflow memory buffers which store these strings. This could let an attacker run arbitrary code on a user’s machine.


“As it turns out, RealPlayer blindly trusts the number in front of the string to indicate the true length of the string, and doesn’t check to see if this number is smaller than the allocated buffer length,” Morgan explained. “Thus, with certain strings, it is very easy to cause RealPlayer to crash consistently by making the two bytes in front of a string 0xFFFF.”
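
The flaw Morgan describes is a length-prefixed string copied into a fixed buffer without a bounds check. The C sketch below is an added example, not RealPlayer code and not Morgan's script; it puts that unchecked pattern beside a checked reader. The big-endian prefix, the 256-byte buffer and all names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_BUF 256  /* assumed fixed buffer size; not from the article */
enum { STR_OK = 0, STR_TOO_LONG = -1, STR_TRUNCATED = -2 };

/* Constructed sample fields (2-byte length + bytes), not from a real file. */
const uint8_t SAMPLE_OK[]    = {0x00, 0x05, 'T', 'i', 't', 'l', 'e'};
const uint8_t SAMPLE_FFFF[]  = {0xFF, 0xFF, 'A', 'A', 'A', 'A'};
const uint8_t SAMPLE_SHORT[] = {0x00, 0x10, 'a', 'b'};

/* Unchecked pattern from the quote: the prefix is trusted as the true
   length. Shown for contrast only and never called in this example. */
void read_string_unchecked(const uint8_t *in, char *dst)
{
    size_t len = ((size_t)in[0] << 8) | in[1];  /* big-endian: assumption */
    memcpy(dst, in + 2, len);                   /* no check against dst size */
    dst[len] = '\0';
}

/* Checked reader: the declared length must fit the destination buffer
   (leaving room for the terminator) and the bytes actually present. */
int read_string_checked(const uint8_t *in, size_t in_len,
                        char *dst, size_t dst_size, size_t *consumed)
{
    if (dst_size == 0) return STR_TOO_LONG;
    if (in_len < 2) return STR_TRUNCATED;
    size_t len = ((size_t)in[0] << 8) | in[1];
    if (len > dst_size - 1) return STR_TOO_LONG;  /* would overrun dst */
    if (len > in_len - 2) return STR_TRUNCATED;   /* prefix exceeds input */
    memcpy(dst, in + 2, len);
    dst[len] = '\0';
    *consumed = 2 + len;
    return STR_OK;
}

int main(void)
{
    char dst[FIELD_BUF];
    size_t n = 0;
    printf("ok:    %d\n", read_string_checked(SAMPLE_OK, sizeof SAMPLE_OK, dst, sizeof dst, &n));
    printf("ffff:  %d\n", read_string_checked(SAMPLE_FFFF, sizeof SAMPLE_FFFF, dst, sizeof dst, &n));
    printf("short: %d\n", read_string_checked(SAMPLE_SHORT, sizeof SAMPLE_SHORT, dst, sizeof dst, &n));
    return 0;
}
```

A parser built this way rejects the 0xFFFF prefix as an error instead of copying past the end of the buffer.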


Though he claims he is no security expert, Morgan posted a detailed script of the exploit on his site, SentinelChicken.com, here.


Cotter also said a fix will be released by the end of day Friday via the RealPlayer AutoUpdate Service and for Enterprise RealPlayer users here.



