RealNetworks video flaws unearthed

Single URL directed at Real server forces shutdown; glitch in Windows Media encoder could interrupt live broadcasts
Written by Bob Sullivan, Contributor

For the second time in six weeks, a group of South American security researchers has discovered a simple method for breaking RealNetworks streaming video servers. Underground Security Systems Research revealed Thursday that a single URL sent to a Real video server causes the system to stop functioning. The company says it will have a fix for the problem soon.

The vulnerability comes on the heels of an announcement by Microsoft that it had patched a flaw in its Windows Media Encoder that could jeopardize providers of real-time streaming media broadcasts.

Underground Security Systems Research (USSR) researchers in April released a program called 'realdie.exe' that made it easy for attackers to shut down a Real server. It did not allow a computer intruder to gain access to files on the machine. Thursday's flaw attacks a different mechanism but produces the same result. The group has also told MSNBC it plans to release a third attack within the next few weeks.

A company spokesperson confirmed that the flaw announced Thursday was a real problem, but added that the firm was unaware of any cases where a customer has actually been victimized by the attack. She said it exploits a problem with a technology called 'View Source', which allows content and media file information to be displayed in a Web browser -- as opposed to appearing in a stand-alone player.

The security researchers attempted to warn Real about the flaw before it was published on the security mailing list 'Bugtraq', but e-mails sent to support@real.com on May 23 only generated automated responses.

A spokesperson said the messages never reached the company's technical support team, and the firm is studying its procedures. It's not uncommon for companies to generate automatic responses to publicly available e-mail addresses. "Every address on our Web site just gets a lot of e-mail," the spokesperson said.

According to the company, administrators concerned about the flaw can protect their servers by shutting off the 'View Source' option. Instructions for that solution are:

  • Step 1: In RealSystem Administrator, click View Source, then click Source Access.
  • Step 2: In the Master Settings area, select "Disable View Source."