Slashdot Mirror

← Back to Stories (view on slashdot.org)

RealPlayer Zero-Day Flaw Under Attack

Posted by Zonk on from the my-kingdom-for-a-patch dept.

openOption writes "ZDNet is reporting that hackers are actively exploiting a zero-day hole in RealNetworks' RealPlayer media player, a software program installed on tens of millions of Windows computers worldwide. The in-the-wild attacks targets a previously unknown and unpatched ActiveX vulnerability in the way RealPlayer interacts with Microsoft's Internet Explorer browser. The flaw is causing drive-by malware downloads when an IE user simply browsers to a maliciously rigged Web page."

150 comments

  1. Installed by millions... by Anonymous Coward · · Score: 5, Funny

    Used by no one... until now.

    1. Re:Installed by millions... by Anonymous Coward · · Score: 0

      I was just wondering why every exploit found is now called zero day.... What the heck does that even mean? Zero days? How can there be zero days? If one-day is Tuesday, Sunday or whatever, what is zero-day? An exploit that has no place in time or space??

    2. Re:Installed by millions... by VagaStorm · · Score: 3, Informative
      From Wikipedia:

      A zero-day (or zero-hour) attack is a computer threat that exposes undisclosed or unpatched computer application vulnerabilities. Zero-day attacks take advantage of computer security holes for which no solution is currently available.
      --
      www.aleo.no
    3. Re:Installed by millions... by Sillygates · · Score: 2, Insightful

      This wouldn't be a problem if companies like Dell(?) didn't preinstall RealPlayer on computers.

      --
      I fear the Y2038 bug
    4. Re:Installed by millions... by Huwawa · · Score: 0

      Mplayer ftw.

    5. Re:Installed by millions... by Zymergy · · Score: 1

      That is why we have the PC Decrapifier: http://www.pcdecrapifier.com/

    6. Re:Installed by millions... by conlaw · · Score: 1

      Thanks for the link. I'll probably have to set up a Windows box for my niece before she starts high school and it sure would be great not to have to go remove all the crap by hand.

    7. Re:Installed by millions... by sh3l1 · · Score: 1

      Why do you have to install this? Wouldn't this be more crap on your computer?

      --
      Help Me! I'm trapped in the tubes! Oh noes! Here comes a internet!
    8. Re:Installed by millions... by Zymergy · · Score: 1

      It is a batch uninstaller that saves you lots of TIME as it uninstalls the CrapWare/TrialWare factory installed on so many OEM PCs in one operation and reboot.
      And you don't need to uninstall it as it is merely a free standing executable application (and it even offers to create an XP/Vista restore point if you want/need to undo changes).

      I do correct myself in pointing out that I was in error when I ~assumed~ that the PC Decrapifier uninstalled "RealPlayer", I feel it should be on the list of detected crap to be removed but it appears to not be on the current list...

    9. Re:Installed by millions... by dotancohen · · Score: 1

      It's called a zero day exploit because zero is the amount of days that you have to patch a system vulnerable to exploit. Pretty much, that means that the attackers have been exploiting the weakness in the wild even before the exploit was known to security firms. http://what-is-what.com/what_is/zero_day_exploit.html (full disclosure: I'm affiliated with that site)

      --
      It is dangerous to be right when the government is wrong.
    10. Re:Installed by millions... by hidave · · Score: 1

      Hey Zy, you seem to know more than some. Can you answer this for me: If I "remove" a piece of software from my computer, how can System Restore bring it back; ie, "undo changes"? This happened to me a while back. I was trying to get McAfee Antivirus off my computer, but when I did a System Restore, it came back. Thus, it wasn't really off my computer. (PS I finally got it off by using McAfee's removal tool.)

      --
      Synchronizing stop lights across the US = one less nuclear power plant
    11. Re:Installed by millions... by Anonymous Coward · · Score: 0

      This wouldn't be a problem if companies like Dell(?) didn't preinstall RealPlayer on computers. But you don't have problem with Windows Media Player pre-installed to deep levels of system in a degree that it took Microsoft months to ship a playerless Windows?

      Lets not forget another thing. This flaw is somehow only happening with IE, another dictated Application coming with system. It is so deeply tied to OS that nobody-including MS can't remove it.
    12. Re:Installed by millions... by Ilgaz · · Score: 1

      That is why we have the PC Decrapifier: http://www.pcdecrapifier.com/ I got a better solution. Don't buy Dell, buy from a company who respects your rights to choose your own software.

      Windows, Linux, Apple doesn't matter. There are companies like that.

      Deep level issue is, this issue somehow related to IE and ActiveX. Good luck removing them from Windows ;)
    13. Re:Installed by millions... by billcopc · · Score: 1

      This wouldn't be a problem if Real Networks would just fuck off and die.

      I've always considered their software to be borderline spyware, even back in the 90's, and it's only gotten worse with every new release.

      Death to Real!

      --
      -Billco, Fnarg.com
    14. Re:Installed by millions... by calebt3 · · Score: 1

      The only way to prevent that from happening again is to temporarily turn off System Restore, and turn it back on if you actually want it.

      To turn it off: Right-click "My Computer" (might be in the Start menu)>>"Properties">>"System Restore" tab>>Uncheck the little box that says something about enabling system restore (it's the only such box in there).

      WARNING! This will erase all of your currently existing restore points. If you resume using system restore, re-check the box and create a restore point from Start Menu>>Programs>>Accessories>>System Tools>>System Restore

    15. Re:Installed by millions... by hidave · · Score: 1

      Thanks. That brings up an interesting thought: Assuming I don't turn off System Restore, is ALL the software on my computer that I may have thought deleted from my computer recoverable from the past? That could certainly use up a lot of HD space. I had thought that System Restore only kept various settings from the past; obviously that was wrong. One time on a Dell laptop w/ XP, I had to do a System Restore to a time before I even received the computer from Dell to get it to work (i.e., the very first restore point). Thus, I am reluctant to erase all previous restore points.

      --
      Synchronizing stop lights across the US = one less nuclear power plant
    16. Re:Installed by millions... by Zymergy · · Score: 1

      In your example to the good post from calebt3, in the case of certain virus infections, or other malware which infects the windows restore feature, you would likely need to disable 'system restore' it to effectively clean/scan your system
      (and you would lose the saved restore points)
      You might want to obtain your specific system's Original Dell Windows XP OEM Installation disks.
      You can get them from Dell here: https://support.dell.com/support/topics/global.aspx/support/dellcare/en/backupcd_form
      If Dell is out of your specific system's original OEM reinstallation disk set, it is probably just the pre-loaded drivers and crapware specific disk they are out of.
      Most Dell's (that ship with a Microsoft OS) have an OEM Microsoft sticker on the bottom/back with the 25-digit activation key. (you may/may not need this if you format and reinstall from scratch)
      If the Dell OEM version of Windows XP (Original, SP1, SP2, etc..) from the sticker is determined and Dell is out of your CD, ask friends, family, some local Dell computer repair shop, etc.. to "use" one of their disks. (you are not supposed to 'copy' the Dell OEM disks). The fancy 25-digit key sticker on the bottom of your Dell laptop is your Microsoft OEM License ("what you pay for" as far as your purchase of OEM WinXP) and the CD from Dell just happens to be the packaging so there is usually one CD/DVD per system version (SP1, SP2, etc..) of OS and when installing it will check for the correct DELL BIOS signatures (whatever they are).
      If they are out of your specific disk, you could look on eBay for an identically named disk if the above fails. (Dell typically makes the version different OEM Windows disks different colors for each version)
      You would need to download the proper OS/Hardware drivers form Dell here: http://support.dell.com/support/downloads/index.aspx?c=us&l=en&s=gen
      NOTE: Some Dell PCs shipped only with a hidden HD partition where the OEM Windows files were kept. (You may want to check if Dell has OEM disks for you, and if not then do your research before using any other sourced DELL OEM OS disk).
      Of course, you could always use something like Norton Ghost to make a backup image of your HDD to a removable drive or CD/DVD once things were "perfect" and revert back to that image if your system gets hosed. (but you literally would be at that point and lose all changes to OS and data since that image)

    17. Re:Installed by millions... by hidave · · Score: 1

      Thanks! I'm saving this info for reference. Those of us who use a computer as a tool instead of a way of life are jealous of your knowledge. No joke. Have a good day Zy...

      --
      Synchronizing stop lights across the US = one less nuclear power plant
    18. Re:Installed by millions... by Anonymous Coward · · Score: 0

      Everyone else who just uses their computer as a tool uses Linux and never has to worry about it. But why do real work when you could be fucking around with "System Restore"?

  2. Good thing I don't use Real by Anonymous Coward · · Score: 2, Funny

    Greased up Yoda doll
    Puckered anus
    GO LINUX!

    1. Re:Good thing I don't use Real by Anonymous Coward · · Score: 0

      That was enlightening, thank you. I have just poured hot grits down my pants.

    2. Re:Good thing I don't use Real by Anonymous Coward · · Score: 0

      I haven't seen an anally inserted greased Yoda doll troll in *years*! Kudos to you, anonymous troll, for keeping the old /. traditions alive.

    3. Re:Good thing I don't use Real by Ilgaz · · Score: 1

      I still don't have clue why Real spares their time and money to a platform they don't make any money from and get flamed even while they offer their million dollar assets (patents) for free to open source developers.

      Yes, they are the same stupids who offers a complete media player solution to your AC favorite system along with its source code and complete framework.

    4. Re:Good thing I don't use Real by Slashcrap · · Score: 1

      I still don't have clue why Real spares their time and money to a platform they don't make any money from and get flamed even while they offer their million dollar assets (patents) for free to open source developers.

      Yes, they are the same stupids who offers a complete media player solution to your AC favorite system along with its source code and complete framework.

      Yes, but it sucks. Free crap is still crap and I don't quite see why I should thank someone for handing me a pile of shit.

      As an example I recently tried using the Linux version of RealPlayer to watch the BBC News24 stream. It would play a couple of frames and then get stuck. Then I tried Mplayer using the codecs that got installed with RealPlayer. Played fine.

      So the codec's alright but everything else sucks. Did they donate the source to their latest RealVideo codec or just the parts that sucked donkey cock? I think you already know the answer.

  3. SOFTWARE PROGRAM!!!11111```oneone by Anonymous Coward · · Score: 5, Funny


    a software program

    I like software programs. They run well on my computer PC and look nice on my display monitor. My computer PC works well, all the way from the electric power cable to the Ethernet network card, the hard disk hard drive, and my wireless keyboard keyboard and mouse mouse.

    (What are synonyms for keyboard and mouse?)

    1. Re:SOFTWARE PROGRAM!!!11111```oneone by Anonymous Coward · · Score: 0

      Even though regardless quoted parent's reply post is flamebt troll also and troll flamebait in its nature, it's good satire satire.

    2. Re:SOFTWARE PROGRAM!!!11111```oneone by Penguinshit · · Score: 1

      HID

      --

      I have something in common with Stephen Hawking...

    3. Re:SOFTWARE PROGRAM!!!11111```oneone by calebt3 · · Score: 1

      You mean sarcastic satire.

    4. Re:SOFTWARE PROGRAM!!!11111```oneone by Curmudgeonlyoldbloke · · Score: 1

      a software program As opposed to a hardware program used by something like a Jacquard loom, presumably....
    5. Re:SOFTWARE PROGRAM!!!11111```oneone by jcuervo · · Score: 1

      "Alphanumeric keyboard" and "computer mouse"?

      --
      Assume I was drunk when I posted this.
    6. Re:SOFTWARE PROGRAM!!!11111```oneone by lenroc · · Score: 2, Insightful

      "Alphanumeric keyboard" and "computer mouse"?

      Looks like someone confused verbosity with redundancy

    7. Re:SOFTWARE PROGRAM!!!11111```oneone by rlbond86 · · Score: 1

      Hey, electric power is not redundant. There are other types of power as well. /is an electrical engineer

    8. Re:SOFTWARE PROGRAM!!!11111```oneone by Anonymous Coward · · Score: 0

      mouse pointer

      and maybe keyboard terminal?

      you're welcome

    9. Re:SOFTWARE PROGRAM!!!11111```oneone by GameboyRMH · · Score: 1

      Typing Keyboard and Pointing Mouse sound good.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    10. Re:SOFTWARE PROGRAM!!!11111```oneone by G-Licious! · · Score: 1

      I especially like the software programs that allow me to browser the internet. Browsering probably consumes half my day!

  4. Whew! by dedazo · · Score: 3, Interesting

    God, I'm so glad I bought a computer with Windows XPN, which thanks to the wisdom of the European Union and RealNetworks' claims of unfair competition against their cuasi-malware player, does not include Windows Media Player! Yes, instead the OEM installed... oh, wait. They installed RealPlayer. Holy sh #$!@&*^} NO CARRIER

    --
    Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
    1. Re:Whew! by athdemo · · Score: 1

      Just don't use the internet, you'll be fine. Wait, nevermind, RealPlayer? You'll never be fine.

  5. Hackers are the least of their troubles... by Ecuador · · Score: 2, Funny

    I don't want to be a troll, but people who install Real Player are asking for trouble.
    Wow, I just had a scary thought I managed to block just in time before passing out: Real Player. On Vista.

    --
    Violence is the last refuge of the incompetent. Polar Scope Align for iOS
    1. Re:Hackers are the least of their troubles... by athdemo · · Score: 1

      I swear I haven't seen or heard from RealPlayer in like 5 years, it's still around? And people install it?

    2. Re:Hackers are the least of their troubles... by Jugalator · · Score: 1

      For some reason, it can still be popular on various news sites and so on, so yes, people hence use it. I guess Real simply give them some irresistible deals, because surely they aren't stupid enough to willingly use that format? I can admit that the most modern Real formats are pretty good, but the standalone player and all that isn't.

      --
      Beware: In C++, your friends can see your privates!
    3. Re:Hackers are the least of their troubles... by mindbooger · · Score: 1

      Eh, it's more open (with the Helix stuff?) and more multiplatform than Microsoft's alternatives (is even Mplayer with binary codecs able to play DRM'd WMVs? And even their new Silverlight, despite allegedly for Mac and Windows, is OSX x86-only -- there's a buttload of still-useful PowerPC machines still out here).

      And with most sites I've seen that offer streaming content, those are my two choices -- Real or DRM'd MS (if I'm even lucky enough to have a choice of something non-MS!). Or Flash. Ooh, yeah, that's much bet....ter.

      So yeah, Real is the (much) lesser of those three evils. The player isn't even all that bad on MacOS -- I never saw the bloatware Windows version everyone rips them for, so I don't know how bad it was. It's not like that now. And I don't even use it; I just have Mplayer using the installed Real player's codecs on OSX-PPC.

    4. Re:Hackers are the least of their troubles... by Dishevel · · Score: 4, Funny

      I love Real Player. Its icon is pretty and when I click on some things on the internet it works sometimes for me. If it dose not work I just figure that the people putting that bad stuff on the internet must not know what a wonderful company Microsoft is for people like me. Now if you will excuse me I need to click on something real fast so AOL doe not disconnect me again. All I need is MS programs that I can use while online with AOL with my wonderful CABLE COMPANY connection to the internet.

      --
      Why is it so hard to only have politicians for a few years, then have them go away?
    5. Re:Hackers are the least of their troubles... by clsours · · Score: 0

      Im not sure why, but on many news/radio sites the real media stream is better quality than the windows or mp3 streams. I would suppose that the quality per bandwidth would be the same, but Im not sure. Maybe I just have cheap speakers.
      From TFA By instantiating the object and invoking a specific method and attacker is able to corrupt process memory and execute arbitrary code with the privileges of the browser..
      Seems simple, just assign the browser ring 3 security. Oh wait, its Windows (and the user is Administrator with no password).

      --
      Seagoon: Shut up Eccles!

      Eccles: Shut up Eccles!
    6. Re:Hackers are the least of their troubles... by Angostura · · Score: 3, Interesting

      I can't speak about the windows version, but the OS X implementation of the free player is actually very nice to use indeed: fast and lightweight. It's the format I choose for listening to and watching BBC streaming feeds.

    7. Re:Hackers are the least of their troubles... by networkassault · · Score: 1

      It's also easy to uninstall. Just drag it to the trash (along with all other files that comes up when you run a spotlight search for realplayer), then just hit Command, Shift, Delete. Then again, I uninstalled IE from Windows 95 machine. Anything is easy to uninstall after that.

      --
      "I'm glad I'm going to die because, when I do, the world's gonna go to the dogs." -Me on aging and the next generation.
    8. Re:Hackers are the least of their troubles... by t1n0m3n · · Score: 1

      don't tell the mr poop sniffer spam guy

      --
      32303036 204D5620 41677573 74612042 72757461 6C652039 31307320 53696C76 65722F52 656400
    9. Re:Hackers are the least of their troubles... by egypt_jimbob · · Score: 3, Informative

      Seems simple, just assign the browser ring 3 security. Oh wait, its Windows (and the user is Administrator with no password). A spammer can still send spam from ring 3. A botnet herder can still run a bot from ring 3. A phisher can still change proxy settings from ring 3.
      Ring 0 only adds stealth to attacks that work just fine from ring 3.
      --
      I am a leaf on the wind. Watch how I soar.
    10. Re:Hackers are the least of their troubles... by Buran · · Score: 1

      Good luck installing the file manager. Yeah, that'll get you real far. It'd be like yanking the Finder out of my Mac (which has not and never will have a problem with this flaw...)

      --
      i am a soviet space shuttle
    11. Re:Hackers are the least of their troubles... by Buran · · Score: 1

      I mean, UNinstalling. Hello, this is 2007 and there's no edit button? And what's with this lame "to give everyone a chance to post" bullshit? It's 2007, computers can handle more than one simultaneous query.

      --
      i am a soviet space shuttle
    12. Re:Hackers are the least of their troubles... by Draek · · Score: 1

      yup. It works on Linux, it's fast, lightweight, and it's used by reputable news sites, something that can't be said of any other video codec.

      --
      No problem is insoluble in all conceivable circumstances.
    13. Re:Hackers are the least of their troubles... by Anonymous Coward · · Score: 1, Informative

      I'm not sure you know what "ring3" really means. On windows, ALL "applications" run in ring3, even ones run by the administrator. ring3 means user mode, and is apposed to ring0 which means kernel mode.

      The VAST majority of code run on your computer runs in ring3, including your browser. Bottom line is that ring0 does not mean "administrator." It means code with system (read kernel) level privilege. This is where drivers and system calls run, not applications.

    14. Re:Hackers are the least of their troubles... by Ilgaz · · Score: 1

      If it is DRM, I would choose Real DRM because they actually make money from their servers. They do it for living, MS does wmedia to give hell to people who dares to reject using their OS.

      Fortunately their "Lets give sites wmedia server free so they will serve our junk format" failed horribly after Flash took over the embedded video market thanks to hassle free installation and being multiplatform. Now the MS geniuses came up with "SilverLight" aka "Flash killer" (!) and naive or well paid usual suspect decided to port it to GNU/Linux.

      I don't know them of course but I bet the success and well reviews of Realplayer/OS X made them change direction on Windows too. You know, they figured people really, only wants a multimedia multi format player and nothing else.

      I am glad they don't care about the horrible feedback from /. etc. people and keep supporting open source and multi platform. They could make it Windows only, get some "exclusive rights" from MS and happily ship a enhanced windows media player instead of inventing things.

    15. Re:Hackers are the least of their troubles... by Anonymous Coward · · Score: 0

      It's to prevent malicious edits.

      e.g. Being modded up to +5 and then changing your links to goatse.

    16. Re:Hackers are the least of their troubles... by Anonymous Coward · · Score: 0

      Ring 0 only adds stealth to attacks that work just fine from ring 3.

      But surely a ring 3-only malware would be pretty f*xxored if there was a good security software (the OS itself!?) running at ring 0 and detecting it and smashing it as soon as it tries to do any wrongdoings no!?

      Which is kind of the whole point to have different rings... To have lower rings exercising more controls/verification/security checks on higher rings.

      Which was kinda the point of the GP: this is Windows and, once more, a fscking trivial buffer overflow becomes "plz pwn my box"...

  6. Not in Vista by El+Lobo · · Score: 4, Informative

    The vulnerability doesn't affect IE in protected (sandboxed, default) mode on Vista, of course.

    --
    It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
    1. Re:Not in Vista by Anonymous Coward · · Score: 0

      everyone is using XP?? whats your point?

    2. Re:Not in Vista by Anonymous Coward · · Score: 1, Interesting

      Actually it does. If you bothered to learn the underlying components(below the API) you wouldn't sound like such a dolt.

    3. Re:Not in Vista by suv4x4 · · Score: 1

      I've no particular reason to reply here, but check the other replies.

      They're actually insulting, ranting, cussing, since you mentioned Vista isn't vulnerable. Makes me sad of Slashdot, you know?

    4. Re:Not in Vista by The+Master+Control+P · · Score: 1

      In other words, Vista/IE7 are on par with every other non-Microsoft OS/browser in this particular aspect. That's good news, but don't color me too impressed.

    5. Re:Not in Vista by recoiledsnake · · Score: 1

      You mean every other non-Microsoft OS/browser has a sandbox model to stop exploits from running over user files? Can you name a few or were you just karma whoring the groupthink?

      --
      This space for rent.
    6. Re:Not in Vista by The+Master+Control+P · · Score: 1

      Something like running firefox/konqueror with sudo -u nopriv_user under Linux? Or if you're paranoid, setting up a chroot jail or BSD jail?

  7. Experts Quickly Noted However.... by rel4x · · Score: 5, Funny

    ...that the viruses using this attack were still easier to uninstall than RealPlayer itself.

    --

    Before you mod me funny, think, perhaps I was insightfully funny?
    1. Re:Experts Quickly Noted However.... by Fx.Dr · · Score: 5, Funny

      Upon attempting to exploit the flaw, the virus was promptly greeted with ...BUFFERING... ...BUFFERING...

    2. Re:Experts Quickly Noted However.... by Xtifr · · Score: 1

      dpkg --purge realplayer
      Does the trick on my system. I also note that this is not a flaw in Realplayer! If it were, I would be vulnerable, but since it relies on ActiveX, which I don't have, I seem to have have litle to worry about. This is (Yet Another) ActiveX exploit. Yawn. Even the open source guys (and these days Realplayer is mostly open-source except for their one special codec) can't make a Windows-based system secure.
  8. Re:This just in: ActiveX STILL a bad idea... by cnettel · · Score: 1

    And what about Netscape plugins? This is not "download ActiveX controls on demand" which was chastised and basically isn't around anymore. This is the fact that some apps on your machine say "hey, I know how to handle some data on the net, just load this dynamic library of mine and hand it the data, and I'll render it neatly in the browser".

  9. Huh. by ripewithdecay · · Score: 1

    I had no idea people still use RealPlayer.

    1. Re:Huh. by SEMW · · Score: 1

      "To Listen Live, or Listen Again to shows you have missed, on the BBC Radio Player you will need to have ... RealPlayer installed on your computer." (source: The BBC)

      --
      What's purple and commutes? An Abelian grape.
  10. Typical Zonk editing by Anonymous Coward · · Score: 0

    Whenever Zonk browsers to Slashdot to post a story, lots of spelling and grammar errors attacks us. Maybe he should install a software program to assist his editing.

  11. Re:This just in: ActiveX STILL a bad idea... by scubanator87 · · Score: 1

    All to true! A while back [adult swim] used to require activex to watch watch their videos on line. They kicked that to the curb since they realized that their demographic is the same demographic that is most likely to not use IE/ activex! They got the picture so should every one else!

  12. Video press release by operagost · · Score: 4, Funny

    Real has posted a video press release on this. I would like to tell you more, but it's still buffering. Maybe they should use Media Player for their press releases.

    --

    Gamingmuseum.com: Give your 3D accelerator a rest.
    1. Re:Video press release by Anonymous Coward · · Score: 0

      Hahahahaa, the "buffering" tag made me burst into uncontrollable laughter. I only tried real shit once and have hated it passionately since. The interface was fucking horrible circus of blinkenlichts and popups and flashing ads hell. The program fouled up my file associations good and kept doing it. And the content was always "buffering"...

      Those good old days...

  13. I wouldn't worry... by Deacon_Yermouf · · Score: 2, Funny

    It's going to take a while for the virus to stop buffering....

  14. Real Alternative by gravis777 · · Score: 3, Informative

    http://www.free-codecs.com/download/Real_Alternative.htm

    Now I just have to worry about unpatched holes in Windows Media Player!

    Truthfully, I already have one bloated Media Player that is part of the OS on my machine, why would I want to install another?

    BTW:
    http://www.free-codecs.com/download/QuickTime_Alternative.htm
    To take care of that OTHER bloated media player

    1. Re:Real Alternative by 0xygen · · Score: 1

      Is the vulnerability not in the actual codecs and plugins, which are the same ones used by Real Alternative?
      My impression was that both Real Alternative and Quicktime Alternative both just distribute the official codecs in a package that does not install the surrounding junk.

      Surely there is a good chance this still leaves you (and me) vulnerable?

      Any Proof Of Concept to test with?

    2. Re:Real Alternative by Rob+Simpson · · Score: 1

      Not the codec, but yeah, it would probably be in "RealMedia ActiveX control 6.0.12.1741 allows you to view RealMedia content that is embedded in a webpage. The RealMedia ActiveX control supports Internet Explorer." Choosing not to install this component would solve the problem, though.

    3. Re:Real Alternative by junglee_iitk · · Score: 1

      According to Karl Lillevold, a (lead) programmer for Real Player, Real Alternative is nothing but rebundled DLLs from Real Player in a wrapper for support other players. Thus, it is still exploitable.

      Brought to you by a linux-user, Real(TM)-hater/uninstaller. I uninstall it on every computer I encounter :)

    4. Re:Real Alternative by antdude · · Score: 1

      But, how do we know if RA's codecs aren't vulnerable? It has ActiveX plugin too.

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    5. Re:Real Alternative by suv4x4 · · Score: 5, Informative

      http://www.free-codecs.com/download/Real_Alternative.htm [free-codecs.com]
      Now I just have to worry about unpatched holes in Windows Media Player!

      Actually "Real Alternative" and "QuickTime Alternative" uses ripped off binary libraries straight off the official apps. It's quite likely you're vulnerable as well.

    6. Re:Real Alternative by DogDude · · Score: 1

      Have you ever considered doing something as exotic as uninstalling WMP?

      --
      I don't respond to AC's.
    7. Re:Real Alternative by cciRRus · · Score: 1

      Now I just have to worry about unpatched holes in Windows Media Player!
      If you're worried about WMP, you may wish to give Media Player Classic a try. It can be found in the Real Alternative / Quicktime Alternative installation package.
      --
      w00t
    8. Re:Real Alternative by 0xygen · · Score: 1

      Indeed, I think what I should have said is "A default install of Real Alternative in this situation is just as vulnerable as a default install of RealPlayer", as is this most likely what the majority of RA users have.

      Thanks for the info!

  15. In other news by jagdish · · Score: 0, Redundant

    Real networks finally figured who their 3 users are.

  16. Get with it by Skiron · · Score: 2, Funny

    New marketing name -> RealTrojans (or viruses/worms, whatever). Sales are UP!

  17. WARNING MS SHILL by Anonymous Coward · · Score: 5, Funny

    Nobody uses Vista because Vista's not compatible with Windows.

  18. RealPlayer by hyades1 · · Score: 0

    It's long been an annoyance to me that RealPlayer is installed by default on my Palm Tungsten E2, and there's no way to remove it without risk. It squats like a toad in my small pool of on-board RAM, taking up space I bought and paid for. On my PC, of course, it's just a smelly, fading memory, replaced ages ago by less toxic alternatives.

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.
  19. No need to worry! - Screen shot of virus. by Anonymous Coward · · Score: 1, Funny

    You have been infected by a RealPlayer virus! Muahahah! In 5 seconds, your hard drive will be form ...buffering... ...buffering... ...buffering...

  20. Worried? Nah by jdjbuffalo · · Score: 2, Funny

    All 5 people who still have Real Player installed are in for a world of hurt...

    --
    We have four boxes with which to defend our freedom: the soap box, the ballot box, the jury box, and the cartridge box.
  21. It's worst then that by Liquidrage · · Score: 1

    The malware that gets installed is, itself, Real Player.

    Affected computers are stuck in a feedback loop where Real Player installs itself over and over again.
    The space-time continuum is breaking down as we speak.

  22. Re:This just in: ActiveX STILL a bad idea... by Anonymous Coward · · Score: 2, Interesting

    This vulnerability has nothing to do with ActiveX. ActiveX is just one method of hosting a plugin. Any method of hosting a plugin would be exactly as vulnerable. Anytime a browser accepts data from an outside source and passes it onto a library to handle that is a possible point of attack. There have been plenty of vulnerabilities found in non-ActiveX plugins for Internet Explorer and other browsers. There have been vulnerabilities found in the very libraries used by the browsers to display common content like images.

    This is why the Vista approach is the correct approach: sandbox the browser. The process should be locked down so tight that when a vulnerability is inevitably discovered that the damage it can cause is mitigated. Every OS and every browser needs to incorporate these mechanisms by default.

  23. browser, -noun, a person or thing that browses by piratesyarr · · Score: 2, Funny

    The flaw is causing drive-by malware downloads when an IE user simply browsers to a maliciously rigged Web page.

    I like the use of the word browser as a verb.
    Also, drive-by malware downloads? This hood is no longer safe, yo!

    --
    Small though it is, the human brain can be quite effective when used properly.
    1. Re:browser, -noun, a person or thing that browses by raehl · · Score: 1

      Besides, isn't a drive-by more of an upload?

      --
      paintball
    2. Re:browser, -noun, a person or thing that browses by rts008 · · Score: 1

      Depends on which end you are on- the giving end (upload), or the receiving end (you end up as Son of Goatse).
      You seem to be coming from the 'giving end' perspective...nothing wrong with that- better to give than receive as they say!

      On a serious note, WTF?!?!?
      Why is anyone still using ActiveX for anything? It's propensity for Bad Shit (TM) has been legendary for too long for this crap to keep happening. Anyone still using ActiveX needs beaten unconscious with a clue stick...last century!

      As others have previously posted, RealPlayer works pretty good on *nix, but I will not let it near my wife's WinXP ProSP2 machine. So far on Windows (have no clue and don't care about Vista-my experience has been with Win 3.1, 95, 98SE, 2000, and XP Pro), it still sucks. Also as previous posters have said: the alternatives to RealPlayer would probably have the same issues under similar conditions that is experienced with RealPlayer.

      Okay, to be fair and looking at the bright side: ;)
      We should applaud Real's Marketdroid-fu. This is a prime example of leveraging the synergy of the dynamics of the interaction of MS's Windows/IE combo and RealPlayer to maximum levels possible at this time. They both will continue to update the pogra^H^H^H^H^Hprograms to introduce new and unprecedented bugs^H^H^H^Hfeatures as soon as R&D can infect^H^H^H^H^H^Himplement these upgrades to the cattle^H^H^H^H^H^Hconsumers.
      This strategy will increase our profits^Wusefulness concerning our herd^Wconsumers, while obfusticating^Wmultitasking our resources to rape^Wreward our victims^Wpartners.

      Or some such BS. YMMV, proceed at your own risk, caveat emptor,etc.

      I think we are on the same side here, but this reply will let you (YES!-YOU are empowered here!!) decide, or rebuke my assumptions (but not my viewpoint-this is debatable!) as you see fit.

      Regards!

      --
      Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti
  24. "Browsers to a maliciously rigged Web page" by rho · · Score: 1

    Please, no more stupid verbs-nee-nouns.

    "Blog" should have been smothered in the crib, let's not loose another monster.

    --
    Potato chips are a by-yourself food.
    1. Re:"Browsers to a maliciously rigged Web page" by Anonymous Coward · · Score: 0
      "Blog" should have been smothered in the crib, let's not loose another monster.

      Given that this is slashdot, I unconsciously changed "loose" to "lose", and was left wondering why you didn't want to lose this monster.

      When I realised my error, I think I discovered how Pavlov's dog felt.

      Have a nice weekend.

    2. Re:"Browsers to a maliciously rigged Web page" by Actually,+I+do+RTFA · · Score: 2, Funny

      Come on, I love verbing words.

      --
      Your ad here. Ask me how!
    3. Re:"Browsers to a maliciously rigged Web page" by geekoid · · Score: 1

      So you want to crib it?

      I may go home a crib.

      Smell you later.

      --
      The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
    4. Re:"Browsers to a maliciously rigged Web page" by CopaceticOpus · · Score: 1

      Kids these days and all their browsering... they're going to catch the malware!

    5. Re:"Browsers to a maliciously rigged Web page" by Adambomb · · Score: 1

      although from what I've read, verbing weirds language.

      --
      Ice Cream has no bones.
  25. 1997 called. They want their security alerts back by El_Oscuro · · Score: 1

    I remember first reading about activeX security vulnerabilities in one of the O'Reilly nutshell books about website design. The book also covered controversial topics such as the use of the and tags in HTML.

    --
    "Be grateful for what you have. You may never know when you may lose it."
  26. I suppose, it's a buffering ... by Anonymous Coward · · Score: 5, Funny

    overflow exploit, right?

  27. real player still part of google pack (beta)? by sillyphisher1 · · Score: 2, Informative

    Last time I saw real player was when I installed google pack on a windows machine years ago. I love picasa and google earth, and at the time a few of the other packages seemed like nice things to get all in 1 install. Real player was the deal killer- I never could figure out what good it was. It seems like it spent more of my time and CPU cycles trying to sell me on an upgrade than doing anything useful. What was/is google thinking on that one?

    1. Re:real player still part of google pack (beta)? by Bryansix · · Score: 1

      Ug, Picasa sucks. I still can't figure out what it really DOES. When I installed it I couldn't get it to do a single thing.

    2. Re:real player still part of google pack (beta)? by Billly+Gates · · Score: 1

      Real player is not the pos it once was and the spyware is all gone and it is ok today. TO me the included Norton virus scan causes much more issues with speed than the real player.

      --
      http://saveie6.com/
  28. Oh, relax.... by Foerstner · · Score: 4, Funny

    You seem to be inexplicably tense. Perhaps you should relax for a while and watch a television program.

    Or go to the theater, and watch a play. If you have any trouble understanding it, you might find more in the program they give you. Hold on to it, they're collectible.

    Whatever you do, though, don't rely on alcohol to relieve your anxiety. If you become dependant on it, you may need a twelve-step program to get yourself back on track.

    --
    The US free market: two halves of a government-granted duopoly are free to set the market price.
    1. Re:Oh, relax.... by Oktober+Sunset · · Score: 2, Insightful

      All those use of 'program' are incorrect, they should all have been 'programme'.

      You fail at both language and making a point.

      --
      What if Tetris was invented by Nazis?
    2. Re:Oh, relax.... by lostguru · · Score: 1

      um not according to my dictionary, perhaps you should try speaking american?

      --
      Jayne: "These are stone killers, little man. They ain't cuddly like me."
      98% of America's teens drink alcohol, smok
    3. Re:Oh, relax.... by Antique+Geekmeister · · Score: 2, Interesting

      No, he failed at being British. In the US, it's spelled "program".

    4. Re:Oh, relax.... by adona1 · · Score: 1

      And in Australia, it's spelled "pogram" :)

      --
      Between the falling angel and the rising ape
    5. Re:Oh, relax.... by wdnsdy · · Score: 1

      Yeah, how else would we know that RealPlayer media player isn't a theatre programme or twelve-step programme installed on tens of millions of windows computers worldwide?

  29. Re:This just in: ActiveX STILL a bad idea... by cheater512 · · Score: 1

    With ActiveX anyone can make something automatically execute.

    With Firefox's plugin search there is a predefined list.

  30. just a typo. by Skadet · · Score: 1

    I think they meant to write "browses". Could have been a typo (the E and R are right next to each other), could have been a brain fart linked to muscle memory, but I really doubt someone's trying to introduce "browsers" as a verb.

    --
    Sony ha
  31. Soon to be on Slashdot: by JK_the_Slacker · · Score: 1

    Next up: Spam with attached Realmedia files that redirect to "stock sharing sites."

    --
    I'm waiting for a "-1 somepeoplejustshouldn'tgetmodprivileges" meta-moderation.
  32. You are attempting to laud Vista on slashdot by Anonymous Coward · · Score: 1, Funny

    [Cancel] or [Allow] ?

  33. Real Player still exists?? by GPL+Apostate · · Score: 1

    I remember 'registering' Real Player back in the 90's so they sent me a CD-ROM with the 'paid for' version that had a 'record' button (for those really, really rare instances where a server allowed you to record the stream.)

    Is Real Player still around???

    --
    Microsoft says legacy (serial/parallel) ports are bad. They don't obfuscate the hardware enough.
    1. Re:Real Player still exists?? by this+great+guy · · Score: 1

      Is Real Player still around???
      No. This /. story is a dupe from the 90's.
  34. it's 2007... by logicassasin · · Score: 1

    ... and people still use Real anything...

    Wow.

    After that wretched "G2 Phone Home" crap and the whole "tell me who your are so I can spam the hell out of you unless you use a fake email address like 'realsucks@pissoff.com'" crap, I'm really suprised ANYONE uses the stuff. I haven't come across a single site in the last few years that uses Real to stream, and all of my musician buddies stopped encoding in Real format back in 2001 or so.

    File this exploit under "does anyone really care?". It's like finding a zero-day exploit for Windows 3.11 or MS Bob.

    --
    Fifty watts per channel, baby cakes.
    1. Re:it's 2007... by Antique+Geekmeister · · Score: 1

      Apparently, the BBC's Iplayer project just announced that they'll also be providing content in Real, because a stack of Linux, Mac, and other software users got extremely upset their content could only be viewed with Windows Media Player. So, it's true that Real is around and will be around for a while, namely to provide an alternative to Windows Media Player.

      Now, if they'd just give up on calling files tagged as .rpm as Real files, and save them as software packages and save me having to use the "save as" option, I'd be thrilled.

    2. Re:it's 2007... by Ilgaz · · Score: 1

      Well I think you blame people for not keeping up with trends but you are in fact, out of date yourself.

      Things since Real G2

      1) Real changed entire management staff who was in charge for bundling things or deciding very plain GUID sending to SERVER which could be risk for privacy.
      2) Real opened the entire source of player/framework except million dollar worth codecs which nobody can beat on low bandwidth scenarios.
      3) Real patented their inventions and said "it is free to you if it is open source project" to developers.
      4) Real sued MSFT for their monopolistic actions on media player scene, an action which even AOL or Apple couldn't dare to and WON resulting a less Windows Media infected windows.

      They are the only company who cares about Linux AND OS X (yes, wmedia is dead) and even Solaris.

      BTW Your musician buddies must have moved to mpeg-4 based formats just like Real did on high bandwidth content. The only company rejects established multi platform/ neutral standards creates this problem with their horribly insecure ActiveX framework but they are free of any critism.
      .

  35. Great. More Patches. by Lime+Green+Bowler · · Score: 0

    Just bloody great. My company insists upon loading RetardPlayer in our workstation images. This will mean another high-priority patch. Patching is always painful- either the sudden unannounced Gift of Reboot, or the One-Hour-of-Death-Clock, that stays on top of everything. All for near-abandonware that nobody uses. Ah, if only we ran Linux.....

    1. Re:Great. More Patches. by pe1chl · · Score: 1

      It would be sufficient when your workstations were setup a bit more securely, and you would not be working as an Administrator or Power User all day.
      When using a Windows system as a normal user, those exploits do not stand a chance. That would be similar to using Linux as a normal user, not root.

      Of course far too many wannabe-windows-admins have yelled "cannot do that, need to be admin to run many programs" because they found that in 2000 and never checked again.

    2. Re:Great. More Patches. by Erikderzweite · · Score: 1

      Sure. Do you know someone who is working as non-admin on XP? It's a bit of very bad user experience. The system is a single-user one.

    3. Re:Great. More Patches. by pe1chl · · Score: 1

      I work as normal user on XP all day, and so do all our users. Only incompetently managed XP systems provide "a very bad user experience" in that case.
      Most admins are not interested in finding out how to manage their systems, they prefer quick-and-dirty methods even when it hurts security. When they have tried to install Vista the first thing they are looking up on internet is how to get rid of those "allow or deny" popups :-(
      With a little more study of the matter they would be able to get their systems secured against exploits like this.

  36. Re:This just in: ActiveX STILL a bad idea... by Anonymous Coward · · Score: 0

    In Windows you can define a list of "Administrator Approved Controls" and IE won't load any others. But it is a pain in the arse to configure and I'm the only person I know who's ever bothered. But I'm not vulnerable to this realplayer bug :)

  37. The Sole User of Real Here by WebmasterNeal · · Score: 1

    I still use the real player. Really the only reason I do is becuase the 100+ downloaded south park episodes I have from southparkx.net are encoded as .rm files and are better quality (for a 36mb) than anything else. Honestly though, people rip on Real but I think itunes & quicktime (bundled together mind you at 50mb+) is a much inferior product than Real. Apple and Adobe are two of the worst bundling companies out there.

    --
    "During My Service In The United States Congress, I Took The Initiative In Creating The Internet." -Al Gore
    1. Re:The Sole User of Real Here by GameboyRMH · · Score: 1

      Um, did you see the link to Real Alternative a little further up the page? There's a link to Quicktime Alternative as well, so you don't need Quicktime/iTunes either. Those codecs will allow you to play RP and QT files with just about any media player.

      Here I'll make it very easy for you:
      http://www.free-codecs.com/download/Real_Alternative.htm
      http://www.free-codecs.com/download/QuickTime_Alternative.htm

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    2. Re:The Sole User of Real Here by WebmasterNeal · · Score: 1

      I actually downloaded the real alternative codecs but they did not work with the current .rm files I have downloaded.

      --
      "During My Service In The United States Congress, I Took The Initiative In Creating The Internet." -Al Gore
  38. Drive-by? by mig174 · · Score: 1

    drive-by malware downloads? good thing I got a MAC

    1. Re:Drive-by? by mosschops · · Score: 1

      Actually, it's because you have a MAC that you're vulnerable. Without one you'd not have a network connection, and you'd be perfectly safe from this attack.

      Now, having a Mac would make having a MAC much less risky than under Windows...

  39. What is ActiveX? by WillAffleckUW · · Score: 1

    I disabled that on my WinXP a looooooonnnnnnnngggg time ago.

    --
    -- Tigger warning: This post may contain tiggers! --
  40. Re:Not in Vista (Permit Deny Allow) by WillAffleckUW · · Score: 1

    Would you like to permit this song to be played?

    How about this song?

    How about this one?

    (repeat 50 times)

    (user unchecks security check)

    --
    -- Tigger warning: This post may contain tiggers! --
  41. MIT open courseware & Realplayer by Ethanol-fueled · · Score: 2, Informative

    The evil Realplayer is still required for some MIT open courseware. They should convert those files ASAP.

    1. Re:MIT open courseware & Realplayer by Anonymous Coward · · Score: 0

      WOW! That's is really funny! It's like the great light meets the great darkness...

  42. Only Zero day flaws? by psychicsword · · Score: 1

    Sorry buy this post is buffering...

  43. ActiveX in IE by TT076659 · · Score: 1

    If you disable ActiveX in Internet Explorer, you will not be affected right?

  44. Patch available by Anonymous Coward · · Score: 0

    Real released a security patch:

    http://service.real.com/realplayer/security/191007_player/en/

  45. Only affecting badly managed systems by pe1chl · · Score: 1

    The flaw is causing drive-by malware downloads when an IE user simply browsers to a maliciously rigged Web page

    Of course this flaw only affects badly managed systems where the user is browsing the Internet while logged on as an Adminstrator.
    Microsoft is trying to discourage this but the users are too stupid to realize what they are doing wrong, and keep adding themselves to the Administrators group and keep trying to get rid of "annoying" popups that tell them they need to supply their password before the system will install software.

  46. A fix exists by fgaliegue · · Score: 0



    http://tech.blorge.com/Structure:%20/2007/10/20/realnetworks-releases-realplayer-fix-for-zero-day-activex-flaw/

    Seen in the firehose.

  47. Re:Not in Vista (Permit Deny Allow) by SEMW · · Score: 1

    I don't think you understand. Playing media files in realplayer would not require elevation, since playing a song doesn't need root privileges. Playing media files in internet explorer would not require elevation either, since though IE is sandboxed, playing media files wouldn't require IE to write to anything other than the 'temproary internet files' directory. But if a webpage tries to install malware, that would require writing to a directory other than temporary internet files (so needs user privileges), so you *would* need to elevate; hence the GP's post.

    --
    What's purple and commutes? An Abelian grape.
  48. ActiveX is the worst thing happened to MS by zukinux · · Score: 0

    ActiveX is the worst thing happened to MS, so many bugs, so many mistakes, and yet, it allowed by default, and if not, a site can pop up a message to allow it. Simple users click yes immediately when they see a pop-up, no matter what its content.

    If you'll do a test and pop-up a windows-look-alike Pop UP which says : A memory corruption has occurred in 0xdeadbeaf which its dump said "you're a dumbass if you click-yes" and crushed Explorer.exe
    Yes | NO

    95% of the users will click yes, without even reading it, to be honest, that's the reason RealPlayer was even installed at their computers for the first place.

    --
    Read and Comment at my BLOG
    !!!
  49. I'm done with Real by betona · · Score: 0

    My employer bought a company whose site had a ton of Real videos (I lead the internet services department). We just got through converting them all to streaming flash a week ago. It took a little work finding a tool that could do the job well. I feel better, the users win, it's all good. I just couldn't sleep at night knowing that I had a website out there that instructed good people to install the Real player.

  50. Re:The Sole User of Real Here-U R Not Alone by roninamano · · Score: 1

    You are not alone....

    I encoded some of my footage to Real in 2001 or so. I stopped because people complained that they couldnt get the free player by following the link. I tried it and it was so hard to find the free player that I gave up encoding in Real. But my old stuff is still there in Real. I also got really turned off when Real was so hard to remove- and its spyware actions. Just this week I had to go into the registry to keep "realsched.exe" from booting and obnoxiously interrupting other processes to spam about updates. Updates, mind you, that you cannot refuse to search for. The realsched.exe is installed to boot everytime you play the player. Very, very obnoxious software- particularly for an alternative to Microsoft.

    Nowadays we got YouTube.... They can pay the bandwidth. LOL.

  51. Re:I'm done with Real- Share the Wealth Dude! by roninamano · · Score: 1

    Could you please name the tool or provide a link for those of us still streaming Real?

  52. Just like a plague. by eiapoce · · Score: 1

    "a software program installed on tens of millions of Windows computers worldwide" This is a direct measure of how many people run computers without any actual knowledge and sense of security/efficiency.

    The last time I was forced to install the RealPlayer just to watch a piece on a website I was subjugated into a series of humiliating requests: screen after screen the installation process was going to possess all my media, substitute all the other legit players and link all the way possible into some shitty music download service.

    As soon as I recorded the piece in another DRM free format I disinstalled that stinky crap and run several scan for spyware because ultimately reaplayer is more a posses-my-pc-experience than a player.

    Conclusion: Those people running Realplayer showed they like to be abused by the same act of agreeing to the installation process. They thus deserve to be exploited by hackers. Anyway I guess those same people have been allready running bonzi buddy all this time.
  53. Virus through RealPlayer... by 6Yankee · · Score: 1

    Buggering... Buggering... Buggering...

  54. Like you didn't expect it by Anonymous Coward · · Score: 0

    Windows + Internet Explorer + RealPlayer = trouble?

    How unexpected!

  55. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  56. Not on my PC by Anonymous Coward · · Score: 0

    "RealNetworks' RealPlayer media player, a software program installed on tens of millions of Windows computers worldwide..."

    Heh heh... not on mine, sonny boy. Never on mine.