
Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

Heap-based buffer overflow reported in RealNetworks RealPlayer

By | July 25, 2008, 8:43am PDT


Update 07/25/2008: Aaron Portnoy of TippingPoint’s security research group was kind enough to point out that I’m actually not affected by this, since I’ve installed the newest version of RealPlayer. From Aaron’s email:

Notice the Secunia advisory states it affects RealPlayer 10.5… the latest is 11.x, which now uses the adobe module located in your system32 directory. If you don’t have the adobe flash player installed, it should prompt you to install it. Real no longer ships their really-really-really buggy swf parser.

So, it’s likely that bug doesn’t affect the RealPlayer you installed assuming you installed the latest.

My bad for not checking the version on my system, but, that said, many of you still may be vulnerable as people tend to patch things like video players pretty infrequently… which tends to be a bad idea considering how buggy they are (see QuickTime).  Thanks Aaron!

Secunia Research is reporting a heap-based buffer overflow vulnerability in the widely used RealPlayer video player. I can only say this would’ve been nice to have had a patch before I installed RealPlayer to listen to the Black Hat webcast, but I’m scrambling to uninstall now, so hopefully all is well.

FYI a patch does not currently exist, so you may consider at least a temporary uninstall.


The details are provided from Secunia below:

Affected Software
RealNetworks RealPlayer Version 10.5 Build 6.0.12.1483
NOTE: Other versions may also be affected.

Severity
Rating: Highly critical
Impact: System access
Where: From remote

Description of Vulnerability
Secunia Research has discovered a vulnerability in RealPlayer, which can potentially be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to a design error within the handling of frames in Shockwave Flash (SWF) files and can be exploited to cause a heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code.

Solution
The vulnerability is fixed in an upcoming release.

Time Table
16/11/2007 - Vendor notified.
22/11/2007 - Vendor notified again.
26/11/2007 - Vendor response and request PoC.
29/11/2007 - Sent PoC to vendor.
03/01/2008 - Confirmation that vendor able to reproduce vulnerability.
27/05/2008 - Requested update from vendor.
07/07/2008 - Vendor confirms update is pending.
23/07/2008 - Vendor confirms disclosure date.
25/07/2008 - Public disclosure.

-Nate



Nathan McFeters

Nathan McFeters is a Senior Security Advisor for Ernst & Young's Advanced Security Center in Chicago. Nathan has performed web application, deep source code, Internet, Intranet, wireless, dial-up, and social engineering engagements for numerous clients in the Fortune 500 during his career at Ernst & Young and has spoken at a number of prestigious conferences, including Black Hat, DEFCON, ToorCon, and Hack in the Box. He can be found at his Pwn* blog and XS-Sniper, a blog with Billy Rios.

Definition of PoC?
Xanthus179 25th Jul 2008
Forgive my ignorance when using vulnerability speak, but what does PoC stand for? I thought at first it might mean Point of Contact, but I figured I might as well ask.
0 Votes
PoC = Proof of Concept (NT)
nmcfeters 25th Jul 2008
-Nate
0 Votes
RE: Black Hat webcast
Ryan Naraine 25th Jul 2008
The Black Hat conference organisers really should know better. They chose a webcast vendor that *requires* the use of RealPlayer on the Mac.

No thanks.

_ryan
