Slashdot Mirror

← Back to Stories (view on slashdot.org)

Three Vulnerabilities Discovered in Real Player

Posted by CowboyNeal on from the playing-for-a-fool dept.

prostoalex writes "British Next-Generation Security Software discovered three vulnerabilities in popular Real Player. A malicious attacker can execute arbitrary code by offering corrupted RealAudio stream. Real Networks posted the instructions on dealing with security flaws."

26 of 286 comments (clear)

  1. A new insult... by Lord_Slepnir · · Score: 4, Funny

    "Your band's so bad that their voices hack real player"

    1. Re:A new insult... by LostCluster · · Score: 3, Funny

      Mod parent as funny... and send the line to Simon Cowell for use on American Idol...

    2. Re:A new insult... by LittleGuy · · Score: 3, Funny

      Mod parent as funny... and send the line to Simon Cowell for use on American Idol...

      Simon can (and does) come up with his own insults. Send it to Paula Abdul.

      --
      Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
  2. Great, Just %$*# Great! by l0ungeb0y · · Score: 3, Funny
    Now if email virii wasn't my only worry, now I can't even trust my daily dose of porn!

    What's the world coming too?
    YAAAAAAaaaaaarrrrgh!!!!

  3. So the exploit would go something like... by Spazholio · · Score: 5, Funny

    "LOLOLOLO!!!!11 j00 h4v3 b33n HAC....buffering.....buffering....buffering...."

    1. Re:So the exploit would go something like... by wik · · Score: 5, Funny

      .... it's a new form of buffer underflow attack.

      --
      / \
      \ / ASCII ribbon campaign for peace
      x
      / \
  4. Shades of MS? by Ignorant+Aardvark · · Score: 5, Funny

    From the Real Player Knowledge Base:

    To prevent maliciously formatted video streams from providing a backdoor into your system, type the video stream by hand and verify that it contains no malicious code.

    --
    Cyde Weys Musings - Scrutinizing the inscrutable
  5. List of vuln [buffering] by QEDog · · Score: 4, Funny

    The specific [buffering] were:
    Exploit 1: To operate remote [buffering] from the domain of the [buffering] opened by a [buffering] file or other file.
    Exploit 2: To fashion [buffering] which allow an attacker to on a user's [buffering]
    Exploit 3: To fashion [buffering] create Buffer Overrun errors.

    --
    "There is no teacher but the enemy."-Mazer Rackham
  6. Type THAT! by LostCluster · · Score: 4, Funny

    From the Real Player Knowledge Base:

    To prevent maliciously formatted video streams from providing a backdoor into your system, type the video stream by hand and verify that it contains no malicious code.

    Anybody out there who can type at 128 kbps?

    1. Re:Type THAT! by McGarnacle · · Score: 5, Funny

      Anybody out there who can type at 128 kbps?

      Yes, but not without a good deal of ...buffering... going on.

      Everytime a Real story shows up on slashdot, I'm tempted to post this. Looks like I couldn't resist!
      --

      I disagree with what you say, but will defend to the death your right to tell such LIES!

  7. I never noticed any corruption in the stream by morelife · · Score: 4, Funny

    I still haven't gotten past configuring my message center options in Real Player. Boxes keep popping up. I've bought the full version three times now. What's wrong?

  8. Owned by jpop by ce25254 · · Score: 1, Funny

    All your bass are belong to us!

    (sorry)

  9. The thing is... by teamhasnoi · · Score: 5, Funny
    in order to execute the exploits, you first have to click on thirty-seven checkboxes hidden in a Tibetian monestary.

    Then you must send 34 seconds of a certain portion of the movie 'Deliverance' over a period of 22 minutes.

    These two things must be accomplished while repeatedly hitting 'alt-f4' on your keyboard, and screaming, "Damn you Real Player! Damn you to Hell!' like a woman.

    Of course, if you reboot you'll have to start all over again, after a slight delay.

    Um, a longer delay.

    Ok, you get one shot at this, I guess. At least the exploit is consistent with their user interface.

    1. Re:The thing is... by Shut+the+fuck+up! · · Score: 2, Funny

      You forgot one important step: You must first attempt to to connect to ports 1026, 1027, 1029, 1034, 1026, 1044 and 1035 in that sequence within 5 seconds.

  10. Hmm by Niacin · · Score: 2, Funny



    ..and in other news, Real Player now hijacking PC's with a new vulner.....

  11. Re:Instructions by Anonymous Coward · · Score: 5, Funny

    RealPlayer is a program you use when you half to.

    I wouldn't even use it if I third to.

  12. My predicament... by Anonymous Coward · · Score: 3, Funny

    [x] I'd uninstall Realplayer, but [insert choice pr0n site] still streams its content with it and I can't be without it.

    Possible Solution: If we can get the pr0n industry to take an interest in OSS, then Linux on the desktop would excel!

  13. The exploits are not buffer overflows... by Anonymous Coward · · Score: 1, Funny

    cause one though or sure about real player is that its buffers are never full.

    Buffering.... 86%

  14. This one is too easy. by Montreal+Geek · · Score: 4, Funny
    Be definition if you have any software from RealNetworks on your box, then a malicious attacker is running arbitary code.

    Spyware, adware, "helpful" browser adjuncts.

    Oh, wait, you mean another malicious attacker!

    -- MG

  15. Re:Linux by Anonymous Coward · · Score: 3, Funny
    From what I've seen Linux users are generally safe from

    slip-up at a social cocktail party, since they're hardly invited

    STDs transferred during sexual intercourses and foreplay with persons of opposite sex

    overspending on deodorant

    huge water bills due to frequent showers

    complaints from Mom about yet another basement party

  16. Buffering... by arvindn · · Score: 4, Funny

    Its ironic that one of the vulnerabilities is a buffer overflow.

  17. Fuck Real Player by Anonymous Coward · · Score: 1, Funny

    There are only 2 types of Real Player users:

    1) New users who just finished downloading the software and don't hate Real Player yet

    2) FUCKING STUPID PEOPLE

  18. The Three Vulnerabilities are.... by Viking5150 · · Score: 4, Funny

    buffering.......buffering.......buffering......

  19. Re:I miss Progressive Networks... by Bombcar · · Score: 4, Funny

    Today's Dilbert is strangely appropriate...

    Read

    --
    Fellowship 9/11
  20. Back in my days by Anonymous Coward · · Score: 1, Funny

    You kids are getting spoiled by your exploits delivered conveniently in a real media stream. Back in my days I had to get up in the morning, at ten o'clock at night, half an hour before I went to bed, eat a lump of cold poison, work twenty-nine hours a day down at the mine and dig out my exploits and pay the mine-owner for permission to come to work, and when we got home, our dad would kill us and dance about on our graves, singing Hallelujah!

    Oh, ay. And you try and tell the young people of today that, and they won't believe you.

  21. Ploy to upgrade? by madchris · · Score: 1, Funny

    Granted, the software may be buggy, their "fix" is to upgrade. A market ploy comes to mind.