ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

RealPlayer haunted by 11 critical vulnerabilities

By | January 22, 2010, 10:41am PST

Summary: RealNetworks released an advisory to warn of the vulnerabilities, which could be exploited via rigged image and media files to launch remote code execution attacks.

A quick heads-up to any computer users out with RealPlayer installed:  There are at least 11 critical vulnerabilities that expose Windows, Mac and Linux users to malicious hacker attacks.

RealNetworks released an advisory to warn of the vulnerabilities, which could be exploited via rigged image and media files to launch remote code execution attacks.

The vulnerabilities also affect some versions of the Helix Player for Linux.

Here are the details from the RealNetworks alert:

  1. A heap overflow error when processing a malformed ASM Rulebook, which could be exploited to execute arbitrary code.
  2. A heap overflow error when processing a malformed GIF file, which could be exploited to execute arbitrary code.
  3. A buffer overflow error when processing a malformed media file, which could be exploited to execute arbitrary code.
  4. A buffer overflow error when processing a malformed IVR file, which could be exploited to execute arbitrary code.
  5. A heap overflow error when processing a malformed IVR file, which could be exploited to execute arbitrary code.
  6. A heap overflow error related to the SIPR Codec, which could be exploited to execute arbitrary code.
  7. A heap overflow error when processing a malformed compressed GIF, which could be exploited to execute arbitrary code.
  8. A heap overflow error when parsing a malformed SMIL file, which could be exploited to execute arbitrary code.
  9. A heap overflow error when parsing a malformed Skin, which could be exploited to execute arbitrary code.
  10. An array overflow error when parsing a malformed ASM RuleBook, which could be exploited to execute arbitrary code.
  11. A buffer overflow error related to rtsp “set_parameter” method, which could be exploited to execute arbitrary code.

RealPlayer is a favorite target for malware writers and fraudware purveyors who rig exploits into Web pages to launch drive-by download attacks.  This should be treated as a critical update for all RealPlayer users. If you don’t use the software, you are best advised to uninstall it immediately.

GALLERY:

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Critical Vulnerability, Code, Buffer-overflow, RealNetworks RealPlayer, Error, Interactive Voice Response (IVR), Digital Music, Digital Media, Viruses And Worms, Security, Personal Technology, Consumer Electronics, Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?
Ask a Question Start a Discussion
51
Comments
Add Your Opinion

Join the conversation!

Just In

RE: RealPlayer haunted by 11 critical vulnerabilities
lovedong 13th Sep
Good luck to you! rolex watches
View in thread
0 Votes
+ -
Does anyone use RealPlayer any more?
Letophoro 22nd Jan 2010
I haven't used it in years. Nor do I know anyone that does use it.
0 Votes
+ -
Nope
Cylon Centurion 22nd Jan 2010
What's Real? Lol.
0 Votes
+ -
It's like FORTRAN.
AzuMao 22nd Jan 2010
Minus the novelty and nostalgia.
0 Votes
+ -
I'd rather use FORTRAN.
dgurney 25th Jan 2010
And certainly COBOL.
0 Votes
+ -
backflash
sywarp 2nd Feb 2010
Lets not play stupid, we all downloaded and were
quite amazed by the first real player versions.
Well maybe some of you born too late got skipped
of the fun. Lets not forget how we jammed to real
player back in old school.to Real networks, get
you act together, forget real player and start
from scratch, make something you can be proud of
happy
0 Votes
+ -
Willing to bet someone in Google China may
TxM2xTx 22nd Jan 2010
If so many still use IE6 then it's fair to say some still use RP. Doh!
0 Votes
+ -
Ya just like those peeps in Symantec and the other 31 companies that
AzuMao 23rd Jan 2010
got hacked because of IE's insecurities.
0 Votes
+ -
The government..
jayja1 25th Jan 2010
...at least the FCC. All those Broadband forums and panels they've been having, the videos they post have to be viewed with RealPlayer.
0 Votes
+ -
I thought RP went away with Myspace
fraaaank 25th Jan 2010
I wonder what else is still out there LOL
0 Votes
+ -
Is Real Player Still Around?
DarienHawk67 25th Jan 2010
I was thinking the same thing, "who still uses Real Player?"
0 Votes
+ -
RE: RealPlayer haunted by 11 critical vulnerabilities
lovedong 13th Sep
Good luck to you! rolex watches
0 Votes
+ -
FUD!
Linux Geek 22nd Jan 2010
There are at least 11 critical vulnerabilities that expose Windows, Mac and Linux users to malicious hacker attacks.
I'll bet my one month paycheck that Linux users are safe despite Real.
The malware is just for windoze.
0 Votes
+ -
Oh you mean.....
OhTheHumanity 22nd Jan 2010
XP, I would bet my month paycheck that Vista and 7 would be safe. XP has flaws, I advise everyone to move off of it now. I know you will keep comparing Linux to XP until the end of time. Thats usually how it works. Oh and wasn't at all worried about the China hacks, we were safe here because we keep up with the times unlike Google and such.
0 Votes
+ -
They aren't.
AzuMao 22nd Jan 2010
Nothing was changed in them that would affect this.

The vulnerability is in RealPlayer, and has nothing to do with what version of Windows you run. It doesn't involve the Windows API.
0 Votes
+ -
UAC would stop most of these things
Lerianis10 23rd Jan 2010
As would DEP.
0 Votes
+ -
UAC has no effect on these; you do not need admin rights to exploit any of
AzuMao 23rd Jan 2010
them. And DEP hasn't changed any from Windows XP
to Windows Vista or Windows 7.

I doubt RealPlayer even supports it anyways.
0 Votes
+ -
Ways to propagate
Earthling2 Updated - 23rd Jan 2010
Yep, writing to other songs or skins or videos does not reqiure admin rights. Seems like the perfect way for malicious code to propagate itself to other systems via media file sharing.

Once distributed, the code can find an user running as admin in XP or a system with an unpatched local privilege escalation vulnerability.

Oops, it's time for a patch or two .

Or may be three . I particularly like #22 from the recent update because of this.
0 Votes
+ -
Don't most people use their own keyboards?
AzuMao 23rd Jan 2010
The ones that come bundled are always ****,
whoever you buy the computer from (Apple, Dell,
HP, etc).
0 Votes
+ -
No, he means......
DirtyDingus 25th Jan 2010
Yes, your smugness. Good thing you didn't post where you were at-you wouldn't be safe with a challenge like that.
0 Votes
+ -
"Where you were at"?
dgurney 25th Jan 2010
What's the "at" doing at the end of that sentence?
0 Votes
+ -
given that your one month paycheck is FOSS
SystemVoid 22nd Jan 2010
you wouldn't be betting on much.
0 Votes
+ -
and while you're at it...
SystemVoid 22nd Jan 2010
Why don't you open up that compiler, have a crack
at that Linux source code, and get back to us when
you've fixed those Linux vulnerabilities.

I won't hold my breath.
0 Votes
+ -
There are no Linux vulnerablities
MSFTWorshipper 22nd Jan 2010
Linux Geek said so.
0 Votes
+ -
i'm convinced (nt)
SystemVoid 22nd Jan 2010
.
0 Votes
+ -
You should be!
MSFTWorshipper 22nd Jan 2010
There's a scone with your name on it.
0 Votes
+ -
Yes there are
ghooton 26th Jan 2010
I use Debian and I get 3 - 4 emails from debian-security@lists.debian.org per week. The question is, where are the exploits?
0 Votes
+ -
Because they're in RealPlayer..
AzuMao 22nd Jan 2010
..which is closed source?
0 Votes
+ -
Who is willing to bet with you ...
TalentSupporter 22nd Jan 2010
I have seen your posts , I can tell confidently that you are no more than minimum wage worker.
0 Votes
+ -
How Much is Your Paycheck?
DarienHawk67 25th Jan 2010
Okay, from what exactly are Linux user safe? If an exploitation allows execution of arbitrary code that allows the attacker full access to your data--regardless if your account is a standard non-root account--that is just as bad as losing an entire OS.

Actually, I would argue that losing data is worse; I can always reconstitute an OS, but I may not be able to do so with data.
0 Votes
+ -
chroot jail the app
RandallR 4th Feb 2010
All that is needed is to run realplayer in a chroot jail with it's own user. if it gets nasty.
delete the user and files. all other data secure and so is OS....I am speaking if Linux, of course.

Really simple after you do it once.
I basically don't use RealPlayer, because there are other open source alternatives that work.
0 Votes
+ -
People still use RealPlayer?
alsw 22nd Jan 2010
After the whole spyware fiasco in the early 2000's ( or was it late nineties?? ) I thought everyone had moved on.
0 Votes
+ -
What would you rather have me use for FLV?
MSFTWorshipper 22nd Jan 2010
I gotta have me FLVs
0 Votes
+ -
You're stuck with Flash, may as well actually use it.
AzuMao 22nd Jan 2010
0 Votes
+ -
I hope you were being sarcastic
Lerianis10 23rd Jan 2010
Windows Media Player does FLV's, KMPlayer does FLV's, VLC Player does FLV's.... need I keep going on?

There is simply no good reason for using RealPlayer anymore. I liked their software at one time, but after the NUMEROUS vulnerabilities in it, I moved on.
0 Votes
+ -
Horrendous installation
justthisguyyouknow 25th Jan 2010
I stopped using Real when they converted it to spyware by default, and the installation required unchecking hidden checkboxes to keep it from doing ****** things to your system.

They got what they deserved -- they're irrelevant now.

This is something all those companies that let their marketing departments determine what's in their software should take a good look at -- the bell tolls for them, too.
0 Votes
+ -
RE: RealPlayer haunted by 11 critical vulnerabilities
Loverock Davidson 22nd Jan 2010
Someone actually used RealPlayer long enough to see if there were vulnerabilities in it?
0 Votes
+ -
Seriously .... anybody is still using Real Player???
wackoae 24th Jan 2010
NT
0 Votes
+ -
If you use Rhapsody music service....
tgschmidt 25th Jan 2010
I believe you are using Real Player.
0 Votes
+ -
RE: RealPlayer haunted by 11 critical vulnerabilities
powershaker 25th Jan 2010
Avoid RealPlayer for realz. lol
0 Votes
+ -
RE: RealPlayer haunted by 11 critical vulnerabilities
cpomd@... 25th Jan 2010
If you must then use Realplayer Alternative
0 Votes
+ -
RE: RealPlayer haunted by 11 critical vulnerabilities
gabriel bear 25th Jan 2010
last i had to know, rp was seriously ahead on accurate video compression. granted, that was a while ago. but isn;t it nice to see all the mac/msft zombies agreeing that they are too cool for real player...escpeiucally when rhapsody offers a more cost effective model for moving media than i-tunes.
and then of course, there is this:
:"We have received no reports of any machines actually being compromised as a result of the now-remedied vulnerabilities."
something neither appl or msft can say very often, and linux blames on the endpoint, rather than the infected linux back ends.
0 Votes
+ -
What? No "zero-day" usage here?
dgurney 25th Jan 2010
ZD just loves to use this unexplained term in breathless headlines. Why not here?
0 Votes
+ -
RE: RealPlayer haunted by 11 critical vulnerabilities
tigger71677@... 26th Jan 2010
I actually have no problems yet. =)
0 Votes
+ -
So what is good for music playback
msbaldwin43 26th Jan 2010
As an intermediate user with very little knowledge of programming (I tried but lagged behind),it would be nice to see information on what programs are recommended for music instead of a lot of insults. As a senior citizen I wish for respect in responding to my question. Thank you
0 Votes
+ -
Msbaldwin43, an alternative you might wish to consider
mhenriday 26th Jan 2010
is the cross-platform VLC Media Player, available via this link (http://www.videolan.org/vlc/). I have found it very reliable indeed....

Henri
0 Votes
+ -
Another decent one is XMMS.
AzuMao 26th Jan 2010
0 Votes
+ -
RE: RealPlayer haunted by 11 critical vulnerabilities
sywarp 2nd Feb 2010
Waoouu, that is heavy. it is actually suggested to
uninstall real player. I asked myself while reading the
article how many times real player was involved in bad
news and how they keep on getting there. I think the
people at real networks sit together and plan this. They
have weekly meetings on how to get into bad news, cause
as long as they spell the name right, its all good, for
real, trust me on this.
0 Votes
+ -
Weren't these clowns involved...
lehnerus2000 2nd Feb 2010
Weren't these clowns involved in (or partially responsible for) the "Windows XP N" fiasco?

lehnerus2000

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix