Viral movies possible with RealPlayer flaw
Results 1 to 3 of 3

Thread: Viral movies possible with RealPlayer flaw

  1. #1
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126

    Viral movies possible with RealPlayer flaw

    A software slipup in RealNetworks' music player means that Windows, Mac and Linux computers could be compromised by a fake movie file, a security company said Friday.

    The problem means that fake movie files could be created that, when played by vulnerable Real software, would run a program instead. The flaw appears in RealPlayer 10 for Windows and Mac OS X, the RealOne Player for Windows and Mac OS X and the Real Helix Player for Linux.

    "Anyone who has RealPlayer is affected, and there are many people with RealPlayer," said Marc Maiffret, chief hacking officer at software security company eEye Digital Security, the company that discovered the security issue.

    RealNetworks could not be reached for comment.

    The flaw occurs in a component of Real's software that handles Real movie files with the .rm extension, according to eEye's advisory.

    Similar to the recent flaw in Windows applications that handle the JPEG image format, this vulnerability affects a widespread piece of software and could be used to create a virus.

    "It's similar to the JPEG flaw in the sense that just by viewing the file, or having the file 'force viewed' through a Web browser, your system can be compromised," Maiffret said. "I think both this JPEG vulnerability and the RealPlayer vulnerability are good examples of a type of threat that is becoming more prevalent: client-side vulnerabilities."

    Rather than finding a security hole in the operating system and gaining direct access to a computer, attackers are now increasingly looking at exploiting widely used applications.

    "Most security software...is not able to defend itself well against these client-based vulnerabilities, leaving companies with few alternatives other than patching," Maiffret said
    Source : http://news.zdnet.com/2100-1009_22-5393139.html
    -Simon \"SDK\"

  2. #2
    Banned
    Join Date
    Jul 2001
    Posts
    1,100
    Greetings:

    Well we all know EXACTLY where this will be come a problem: Porn sites that will use the flaw to install dialers, malware, adware, spyware, and everything else you could possibly think of onto people's computers.

    Porn is no longer safe sex, as you can now even catch viruses from it.

  3. #3
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    Here is the link from RealNetworks!

    http://service.real.com/help/faq/sec...928_player/EN/
    -Simon \"SDK\"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides