A buffer overflow vulnerability in RealNetworks’
flagship RealPlayer software could put millions of users at risk of PC
takeover, the company warned in an advisory.
The flaw, which carries a “high risk” rating, affects the RealOne Player,
RealOne Player v2, RealPlayer 10, RealPlayer 8 and RealPlayer
eEye Digital Security, the company that discovered and reported the
vulnerability to RealNetworks, said a remote attacker could overwrite heap
memory with arbitrary data and execute malicious code via the digital media
“This specific flaw exists within the ’embd3260.dll’ file used by
RealPlayer. By specially crafting a malformed movie file along with an HTML
file, a direct heap overwrite is triggered, and reliable code execution is
then possible,” eEye said in an alert.
The company also warned of a RealPlayer boundary error when parsing URLs
that can be exploited to cause a buffer overflow via a RAM file containing a
specially crafted URL with a large number of period characters (“.”).
In a separate
advisory, RealNetworks confirmed the existence of the security hole and
released a patch to protect customers.
Buffer overflow attacks
used by malicious hackers to hijack vulnerable systems. A buffer overflow
(or buffer overrun) is the condition where data transferred to a buffer
exceeds the storage capacity and some of the data “overflows” into another
buffer, one that the data was not intended to go into.
Security consultants iDEFENSE also issued a related RealPlayer advisory
with a warning that an attacker could place a .RAM file (RealPlayer
Presentation) containing a maliciously constructed URL on a Web server and
send an e-mail to the target with a link containing the file.
The security warnings come at a crucial time for RealNetworks,
which competes directly with Microsoft
for customers in the digital media delivery
Earlier this year, U.K.-based NGS Software warned of a potentially
critical RealPlayer flaw that could allow malicious hackers to hijack
That flaw carried a “highly critical” rating.