Buffer Overflows Found in RealPlayer

A private security research firm on Thursday warned of a potentially
critical security flaw in the RealPlayer software distributed by RealNetworks that could allow malicious hackers to hijack vulnerable computers.

According to an alert from
U.K.-based NGS Software, the security flaw affects RealPlayer 8, RealOne
Player, RealOne Player v2 for Windows only (all languages), RealPlayer 10
Beta (English only) and RealPlayer Enterprise (all versions, standalone and
as configured by the RealPlayer Enterprise Manager).

Independent security consulting firm Secunia rates the vulnerability as
“highly critical.”

The RealOne/RealPlayer software is considered among the most widely used
media players, with an estimated user base of more than 200 million
worldwide.

According to NGSSoftware, malicious hackers could craft malformed .R3T
files to cause a stack based overruns in the media player. “By forcing a
browser to a website containing such a file, code could be executed on the
target machine running in the context of the logged on user, alternatively
the end user would be required to open the .R3T file as a mail attachment,”
The company warned.

The Seattle-based RealNetworks confirmed the NGSSoftware findings but made it clear that users were only vulnerable if they had previously downloaded the specialized R3T plug-in. It said the newest RealPlayer 10 Gold was not vulnerable since the affected component was removed during installation.

The company issued an update to remove the buggy R3T plug-in and
recommended that RealOne and RealPlayer apply the patch via the “Check for
Update” option in the “Tools” menu of the media player.

It is not the first time RealNetworks have dealt with security concerns
over the RealPlayer. Last April, the company plugged
a heap corruption flaw that opened users to the risk of attacks using a
specifically corrupted Portable Network Graphics (PNG) file. A successful
exploit of that flaw could have allowed the execution of arbitrary code on a
user’s machine.

The latest security warning comes just one day after RealNetworks
released a final version of RealPlayer 10, which is being hailed as the
first free media player to playback content in every major media format.

RealNetworks said the new player, which comes with an embedded
music store
, allows playback of RealAudio, RealVideo, AAC, Windows
Media, QuickTime MPEG-4 and MP3.

The new player has also been fitted with the ability to fast forward and
rewind within streams without delay and to pause live streams.

News Around the Web