Security issue in RealPlayer

by Nikola Strahija on September 30th, 2005

RealPlayer and Helix Player are at risk from zero-day attacks, because of the publication of exploit code for a serious flaw in the software. The flaw, a format string error, affects both players' Unix or Linux versions, and could be exploited via ".rp" and ".rt" file formats, and possibly other formats.


An attacker could exploit the bug by luring the user directly to the malicious files, or to a site in which the malicious files are embedded; they could then automatically load and execute malicious code, researchers said.

The bug was confirmed in Helix Player 1.0.5.757 (gold) and RealPlayer version 10.0.5.756 (gold), according to advisories from Secunia, although any version of Helix or RealPlayer is likely to be vulnerable, according to researchers.

Secunia and FrSIRT, the French Security Incident Response Team, both gave the flaw highly critical ratings.

The person who discovered the flaw, known by the handle "c0ntex", said he was forced to publish exploit code on the Internet despite the fact that patches haven't yet been produced. In an advisory published on c0ntex's Open Security Group site, the researcher said he was prompted to disclose the flaw and exploit code to head off malicious users. "It seems someone is trying to pinch my research," he wrote. "As such I have been forced to release this advisory sooner than hoped."

