RealPlayer haunted by 11 critical vulnerabilities
Posted by Ryan Naraine @ 10:41 am
A quick heads-up to any computer users out there with RealPlayer installed: There are at least 11 critical vulnerabilities that expose Windows, Mac and Linux users to malicious hacker attacks.
RealNetworks released an advisory to warn of the vulnerabilities, which could be exploited via rigged image and media files to launch remote code execution attacks.
The vulnerabilities also affect some versions of the Helix Player for Linux.
Here are the details from the RealNetworks alert:
1. A heap overflow error when processing a malformed ASM Rulebook, which could be exploited to execute arbitrary code.
2. A heap overflow error when processing a malformed GIF file, which could be exploited to execute arbitrary code.
3. A buffer overflow error when processing a malformed media file, which could be exploited to execute arbitrary code.
4. A buffer overflow error when processing a malformed IVR file, which could be exploited to execute arbitrary code.
5. A heap overflow error when processing a malformed IVR file, which could be exploited to execute arbitrary code.
6. A heap overflow error related to the SIPR Codec, which could be exploited to execute arbitrary code.
7. A heap overflow error when processing a malformed compressed GIF, which could be exploited to execute arbitrary code.
8. A heap overflow error when parsing a malformed SMIL file, which could be exploited to execute arbitrary code.
9. A heap overflow error when parsing a malformed Skin, which could be exploited to execute arbitrary code.
10. An array overflow error when parsing a malformed ASM RuleBook, which could be exploited to execute arbitrary code.
11. A buffer overflow error related to rtsp “set_parameter” method, which could be exploited to execute arbitrary code.
RealPlayer is a favorite target for malware writers and fraudware purveyors who rig exploits into Web pages to launch drive-by download attacks. This should be treated as a critical update for all RealPlayer users. If you don’t use the software, you are best advised to uninstall it immediately.
Ryan Naraine is a journalist and security evangelist at Kaspersky