Three Vulnerabilities Discovered in Real Player
prostoalex writes "British Next-Generation Security Software discovered three vulnerabilities in the popular Real Player. A malicious attacker can execute arbitrary code by offering a corrupted RealAudio stream. Real Networks posted instructions on dealing with the security flaws."
"Your band's so bad that their voices hack real player"
"LOLOLOLO!!!!11 j00 h4v3 b33n HAC....buffering.....buffering....buffering...."
From the Real Player Knowledge Base:
To prevent maliciously formatted video streams from providing a backdoor into your system, type the video stream by hand and verify that it contains no malicious code.
Cyde Weys Musings - Scrutinizing the inscrutable
The specific [buffering] were:
Exploit 1: To operate remote [buffering] from the domain of the [buffering] opened by a [buffering] file or other file.
Exploit 2: To fashion [buffering] which allow an attacker to on a user's [buffering]
Exploit 3: To fashion [buffering] create Buffer Overrun errors.
"There is no teacher but the enemy."-Mazer Rackham
From the Real Player Knowledge Base:
To prevent maliciously formatted video streams from providing a backdoor into your system, type the video stream by hand and verify that it contains no malicious code.
Anybody out there who can type at 128 kbps?
I still haven't gotten past configuring my message center options in Real Player. Boxes keep popping up. I've bought the full version three times now. What's wrong?
Then you must send 34 seconds of a certain portion of the movie 'Deliverance' over a period of 22 minutes.
These two things must be accomplished while repeatedly hitting 'alt-f4' on your keyboard, and screaming, "Damn you Real Player! Damn you to Hell!" like a woman.
Of course, if you reboot you'll have to start all over again, after a slight delay.
Um, a longer delay.
Ok, you get one shot at this, I guess. At least the exploit is consistent with their user interface.
RealPlayer is a program you use when you half to.
I wouldn't even use it if I third to.
Spyware, adware, "helpful" browser adjuncts.
Oh, wait, you mean another malicious attacker!
-- MG
It's ironic that one of the vulnerabilities is a buffer overflow.
buffering.......buffering.......buffering......
Today's Dilbert is strangely appropriate...
Fellowship 9/11