Slashdot Mirror


Three Vulnerabilities Discovered in Real Player

prostoalex writes "British Next-Generation Security Software discovered three vulnerabilities in the popular Real Player. A malicious attacker can execute arbitrary code by offering a corrupted RealAudio stream. Real Networks posted instructions on dealing with the security flaws."

14 of 286 comments

  1. A new insult... by Lord_Slepnir · · Score: 4, Funny

    "Your band's so bad that their voices hack real player"

  2. So the exploit would go something like... by Spazholio · · Score: 5, Funny

    "LOLOLOLO!!!!11 j00 h4v3 b33n HAC....buffering.....buffering....buffering...."

    1. Re:So the exploit would go something like... by wik · · Score: 5, Funny

      .... it's a new form of buffer underflow attack.

      --
      / \
      \ / ASCII ribbon campaign for peace
      x
      / \
  3. Shades of MS? by Ignorant Aardvark · · Score: 5, Funny

    From the Real Player Knowledge Base:

    To prevent maliciously formatted video streams from providing a backdoor into your system, type the video stream by hand and verify that it contains no malicious code.

  4. List of vuln [buffering] by QEDog · · Score: 4, Funny

    The specific [buffering] were:
    Exploit 1: To operate remote [buffering] from the domain of the [buffering] opened by a [buffering] file or other file.
    Exploit 2: To fashion [buffering] which allow an attacker to on a user's [buffering]
    Exploit 3: To fashion [buffering] create Buffer Overrun errors.

    --
    "There is no teacher but the enemy."-Mazer Rackham
  5. Type THAT! by LostCluster · · Score: 4, Funny

    From the Real Player Knowledge Base:

    To prevent maliciously formatted video streams from providing a backdoor into your system, type the video stream by hand and verify that it contains no malicious code.


    Anybody out there who can type at 128 kbps?

    1. Re:Type THAT! by McGarnacle · · Score: 5, Funny

      Anybody out there who can type at 128 kbps?

      Yes, but not without a good deal of ...buffering... going on.

      Every time a Real story shows up on slashdot, I'm tempted to post this. Looks like I couldn't resist!
      --

      I disagree with what you say, but will defend to the death your right to tell such LIES!

  6. I never noticed any corruption in the stream by morelife · · Score: 4, Funny

    I still haven't gotten past configuring my message center options in Real Player. Boxes keep popping up. I've bought the full version three times now. What's wrong?

  7. The thing is... by teamhasnoi · · Score: 5, Funny

    in order to execute the exploits, you first have to click on thirty-seven checkboxes hidden in a Tibetan monastery.

    Then you must send 34 seconds of a certain portion of the movie 'Deliverance' over a period of 22 minutes.

    These two things must be accomplished while repeatedly hitting 'alt-f4' on your keyboard, and screaming, "Damn you Real Player! Damn you to Hell!" like a woman.

    Of course, if you reboot you'll have to start all over again, after a slight delay.

    Um, a longer delay.

    Ok, you get one shot at this, I guess. At least the exploit is consistent with their user interface.

  8. Re:Instructions by Anonymous Coward · · Score: 5, Funny

    RealPlayer is a program you use when you half to.

    I wouldn't even use it if I third to.

  9. This one is too easy. by Montreal Geek · · Score: 4, Funny

    By definition if you have any software from RealNetworks on your box, then a malicious attacker is running arbitrary code.

    Spyware, adware, "helpful" browser adjuncts.

    Oh, wait, you mean another malicious attacker!

    -- MG

  10. Buffering... by arvindn · · Score: 4, Funny

    It's ironic that one of the vulnerabilities is a buffer overflow.

  11. The Three Vulnerabilities are.... by Viking5150 · · Score: 4, Funny

    buffering.......buffering.......buffering......

  12. Re:I miss Progressive Networks... by Bombcar · · Score: 4, Funny

    Today's Dilbert is strangely appropriate...
