Heap-based buffer overflow reported in RealNetworks RealPlayer

Update 07/25/2008: Aaron Portnoy of TippingPoint's security research group was kind enough to point out that I'm actually not affected by this, since I've installed the newest version of RealPlayer. From Aaron's email:

Notice the Secunia advisory states it affects RealPlayer 10.5... the latest is 11.x, which now uses the adobe module located in your system32 directory. If you don't have the adobe flash player installed, it should prompt you to install it. Real no longer ships their really-really-really buggy swf parser.

So, it's likely that bug doesn't affect the RealPlayer you installed assuming you installed the latest.

My bad for not checking the version on my system, but, that said, many of you still may be vulnerable as people tend to patch things like video players pretty infrequently... which tends to be a bad idea considering how buggy they are (see QuickTime).  Thanks Aaron!

Secunia Research is reporting a heap-based buffer overflow vulnerability in the widely used RealPlayer video player. I can only say this would've been nice to have had a patch before I installed RealPlayer to listen to the Black Hat webcast, but I'm scrambling to uninstall now, so hopefully all is well.

FYI a patch does not currently exist, so you may consider at least a temporary uninstall.

The details are provided from Secunia below:

Affected Software
RealNetworks RealPlayer Version 10.5 Build 6.0.12.1483
NOTE: Other versions may also be affected.

Severity Rating: Highly critical
Impact: System access
Where: From remote

Description of Vulnerability
Secunia Research has discovered a vulnerability in RealPlayer, which can potentially be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a design error within the handling of frames in Shockwave Flash (SWF) files and can be exploited to cause a heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code.

Solution
The vulnerability is fixed in an upcoming release.

Time Table
16/11/2007 - Vendor notified.
22/11/2007 - Vendor notified again.
26/11/2007 - Vendor response and request PoC.
29/11/2007 - Sent PoC to vendor.
03/01/2008 - Confirmation that vendor able to reproduce vulnerability.
27/05/2008 - Requested update from vendor.
07/07/2008 - Vendor confirms update is pending.
23/07/2008 - Vendor confirms disclosure date.
25/07/2008 - Public disclosure.

-Nate

Talkback

3 comments
  • Definition of PoC?

    Forgive my ignorance when using vulnerability speak, but what does PoC stand for? I thought at first it might mean Point of Contact, but I figured I might as well ask.
    Xanthus179
    • PoC = Proof of Concept (NT)

      -Nate
      nmcfeters
  • RE: Black Hat webcast

    The Black Hat conference organisers really should know better. They chose a webcast vendor that *requires* the use of RealPlayer on the Mac.

    No thanks.

    _ryan
    Ryan Naraine