Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Exploit Released for Combined RealPlayer, IE Flaws



 By: Ryan Naraine
2005-02-02
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Researchers warn that malicious hackers could exploit two unrelated and unpatched flaws in RealPlayer and Internet Explorer to launch system bypass attacks.

Security researchers have found a way to combine two unrelated—and unpatched—vulnerabilities in RealPlayer and Internet Explorer to launch malicious hacker attacks on PCs.

According to an advisory from Secunia, exploit code that could be used for system bypass attacks has been released on the Web, potentially putting millions of RealPlayer users at risk.

The RealPlayer flaw, which has been confirmed on RealPlayer 10.5 (build 6.0.12.1056), is caused by the way the RealMedia ".rm" files can open local files in the built-in browser.

Secunia said a malicious hacker could create a Web site to load an HTML document in a local context via a specially crafted RealMedia file.

Resource Library:

Used together with the known Internet Explorer vulnerability, the attacker could force files to be opened automatically from the browser that ships with RealPlayer.

Secunia suggests RealPlayer users avoid opening ".rm" files from untrusted sources as a temporary workaround until vendor patches are released.

RealPlayer 10.5 is the current version of Seattle, Wash.-based RealNetworks Inc.s flagship media player. It is available in two versions—Plus and Basic—for Windows, Mac OS X, Linux, Unix, Palm OS and Symbian OS users. RealPlayer 10.5 has an open-source equivalent called Helix player.

The Internet Explorer flaw, previously flagged as "high risk," can by exploited to hijack a vulnerable machine, conduct cross-site/zone scripting and bypass a security feature in Microsoft Corp.s Windows XP SP2.

Microsoft has confirmed the existence of the bug and has promised a fix as soon as quality control issues are addressed.

Stephen Toulouse, program manager at the Microsoft Security Response Center, says the MS05-001 update released in January lessens the risk caused by the IE flaw, but a private research firm has poked holes in that assertion.

After testing the patch that came with the MS05-001 advisory, IT security services firm GeCAD NET warned that at least one attack vector still exists and could allow the exploit of the HTML Help ActiveX control vulnerability.

GeCAD NET warned that flaw is still exploitable in Windows XP Service Pack 1 or Windows 2000 Service Pack 4, even when fully patched and up-to-date (MS05-001 included).

The use of media player software to launch malicious attacks is not entirely new. Last month, security researchers found that the newest DRM technology in Microsofts Windows Media Player was being used to deliver spyware, adware, dialers and computer viruses to unsuspecting PC users.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Exploit Released for Combined RealPlayer, IE Flaws
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


xr㶲0;; ʷ♵MR%b[^fI*EBc")JzgyoP/}A4ЍFh|GgoD.\ݴt͙M5>5,3r-GgRSrĠOu Eߧiu9Az:pDwd>9|@D1F㠦?X=/[}D}F\3Ѣfb ^Pk$ȁ_Mܦ%yH#LERNȏmH|׶coauɷ{ w"Ntod9 Q)*Jd/B(?Ccr տ{a_U'iS[w@SUؓ[vB䅠1FE/u#J;rOG9"ScO$աUNI 0G^C]õ]\./RF eCwtSźS]kԏPL0H6=~0[ QC%$7 .lqO-%0/<{mI uBأZr$˺7hmwyakjtUP)}m˙=Z8ӼN~3j_~^(eU{>Α[w5-%uP\Oo:Y\u>..>ȃ-N6 [oLR*rP8$ȇ ;|5 P%oFxXX+(.c#-bzOa`% pfQU:5gsK׺iw[:=?iΐ}1fP+M~(#3hؕgxo_:nϚfK:7>mu3ɀ&dXAZ|]kUϷV1?qb{ dPp9Lwjt(~hvN{_[d@O'Sdp*^z޻ <--˭%wܻG)H̛cM|I`6L2T~`]Nj_[Ѭzxx[c/EU1MXrƒ t$u_˝7hr Ce)#p?c݃IhJq䰉kYSl؅ R4x O XR $}ВEtBAxu3 .)J!"x^3̸"ȅQ.%u.Ć> bO}ಆŹ1jYY6'*taeIUis[ӢKsQ}i5IsV؂)3G#вnZ 7MGR>MUJfz\ʡVp-~~l2B cLt ǟgA`: ~'c|>5$!|БdmxqZ.s+ЍEXn`vtha{4ڭl= KpI}xXOk9LP#wC۠h&r=kIׇ.[?? { G`p\&{ xk=`DMWtC` V< 2/?>an@ }S(r`OA=Z9nc@95Z ->ƈMG {D&f+Lo>L>hQox@6}=weٌi8xs' >`|=0Xհݙ2|dң%=?p*JNC_kVzq}~7MAV?Ty v|9p‡9E#rUϚX 5<.&B#57&Q OzBnLr畔UIY(hJSլ LyO).EcwBl㜜;F]s;tOj_f{+YW{#Uv/:At _օVPKo@x dX{K}kaԕ %/DA n:bXG6XG4~hN/a2*)w4>t:>{j -j&{|TM.r?  }dҶlߪ%M*ǚvX>ڹc3 %P$SJ$l%K׳wN c=`tu; 8`3ǟGRlC2ӱDhR+}ne@ͤԪ)X[ST2.Q\&V,'`#z)#NWɅk'SKwEeHW w!f d>i'[arShfh:l=_G>wZB_wa֚ofrI)jLy#lq-Z`by>dS]Wѹq='aKc:EZ"3 `_mpf Z FZ."&~~~029 K?|hF`'pW["LJ}wY'JzuG6$\.(J9)` N 2|h:|#P& ,#E .2 ZCK`АBrAa T+S//' 7]@.&D~Ê?DNRcK=.C+DÜU^Vw.$JPVbrxɡUT9.J8;3??]et4? wC~y>?ogrا{_{}u>rɵ>gw%eXY81f-1?0kE /ÊTU5ݧ+i fB1&} ldAX~\U4Uud¹`Qеa⢉!h+4khý235RzVU;OP(;Ђw>k-4fۤ`"+jUv~Ie(Q'3Gŵ5 φS 1j>Lk}\SaݬXY :څHi3 9& ~gH5y3V9y]%fZ+a1-*=>]6AYdMgeU)XW}ˀeyM/ܛZI`%g\Ukh{9A;B, r}䯦gSSM8^&&оȣ*騫VJǂe2&0ڃF5c;[* <l*k`=z{'q7_-YEn;&}+琩ksC/ ܒ; k@X'V-(7ϙ40p2Z=]*WlYP;,g|6Si4DZ63ȈDrzzB*~1#'l\s m:R.R\9HǞ1|]ܩe>tgc24Nw/UUAS<:h3$P@hOXM\֮o,sqIe>2Q&OB8Jh-[r_A~V0u^Ac#ȫͦ'0(j'#O7)~ }$DC9m^KeT#UX)TԒP/YTAtUYbke`WPF4`W&\x&\_{3Ƌ(b(Q^aD}Rx*+nQ/ew>Q? &i= P3)&t]4Tcfa2J4D knqۇ:aGF*ݔ;Y`'\U%P-HjYt>80xH N W8pL\'eM=J6z7{q O4 }Mj_5[1U/o:Rŏ-ø@oٷP KcF1>`d˙]=/boft0lg^hy+ @$aN׹p.7WKߧ ?wL.W-)^s-< rLpAj\?^'d0| szj܄6b ` xѤ8"cxH15^6"B@ ˸tn,SVXKr!}&=C٠lkhنԟ{+*q֭ Bf/3۟bB!|J'ϓgԢᬖ^}+ ɏX=Na0OO3)Wy^={QÊĶ;v'#塺1&5 \:`Q Sup7߁؉ ?O.yrjQDK%9Aܩfʳ0q!~w H t{D[w.|ʜ(=}!GFzzy}:9oa`JgnnהŞ`4 }Jpڗ{qO n<]1nglL'#I"ɫ:w7}YpJUWVr{ѩc+N c,n%P2Y;pOҠcÙc}d<ݸ;w{f1vn {~mI.e~W({_bOk$J骇\%(S]MZZ|W%0.րAh3Ӕ \;M]1(6 ]p =`[Qʨ,S?ZgYEKT_po'!M.5oYO,H,IUI?ytFR^\Vk{)܂J [#*U j)4{Lk1"$7tyr6)R&rByd} )Ge 5x<>% > 0q~܈< CDDCGEQ4,7o{ HmFL}%$)~ ZӝZ\V .O;A/۪i ԥaJ4om' _0U;#9ړ޳(X6s 7S鄎}ƺm R)Jkx6W풰]R%]%v`}29y,ȼ24-y`z -(ھcC02e>hB%LKJQժ5r-64P>Bm0{ډtBIaף_H$Y`mɧ6pU:ݶRםPΖO-<` 0D t  3w=D{'t뻼%H9͖cN]XֆӉ&]g:*eXĕ̵oMlrdme}Kgt-۔JŊ&l(Qi 4LXe\+GߘoqHַ{oӒ~Z~Z~Z~ZqeY;,okU xElX/C޳ֵ-bR#zQ8I}ef{#ŵ_!ߣI3?8mwCM~֔jV}{#7=1c*%Y=S-]SwjSNm.m'xL}xm07g δX`WmH ]זXjzkVߌe}׾*+\{c3k т}eֵk:bIb"Lc!1o|OZԋMX+B}kE6v~sTBwZX~Pk  ^ݴ07C˶u *ӕeH Ԃr'!Pv gz}1<j xyJDzuO+gWwm}+z7WJo#_)=j%}$G]He+,A.WFWiåKW5MSݶ Hf/ Ze+8~@3kn{%⴦f5NMdMLHj~жc+@m\ ն|[`8NċTTO0m}m-6bR2Y,3{Cˬewbp{,FӺ ( ʬkrC$I3Ʊ;}!b8cET0̭,YLdfIäjpBh<)Np`]g34޵w fL鋍H*XN}M| i2О$/CM#}C$&pP]}zUcccbbaL'M_> LAfű?yxC];?Ex9:\Gȟ DŢW\Vgz@R(kX5Xm)ȁ;]ĆWc#kx|]:DYF75i.=]Meos|+A#샒=%hٽH!,q(Dsq1G?:xS[|%[aZo[+W#rd! `,%7TXAKpĻ(ĒI c{$h#8iLʃz^B=!sj41!^;r>&ƘKjx VQՒ|Rӊ,w)]dDo=0:էBZcn GTG(RM` ob]g5̈ q7yml_z^3olؕVvn&+m'hzBRKovgO%٫c56غsjS.ܲh 7pK#$:ҡąCqA{ Э%iHϚPFK,kG J6K%O~)+j1w[ w5kMtP*4#A2؋i{㽻Ԙo%5DXCeLfNx4}юMUbtm-R@wyj 4Zu-u{ cD̋:S%g+/Yqc[RJBYIc0 ":;M[f:'纣;~  AStt _/Hk4oDah+nO5qI }Tbt4da71儔JzN[;áeŧ1iL(Zx5C c  Ą[)bUfwܠ~z*ڟOk^nnʏZUF dM,Ë||U1n|%w[% ۶6 B|BG`߄c XPp]A9(WTD~^ N F̋XH t8,$:Wem{A=~IzDLRO7 \ND>_ _!߰,VIm{7R[ $y?ZEDW# `x%I(zѾ WEkt^ y|P_[3svg7ōR_c`j$6$ER+fwgA-=2.V<?pa)?Do9fkHjqC93j_nʡR0F$u*̀ Zjh\IED#ThbGB#M=/7.nrj5-i`Ik„0'ld Dps= demDRPi ct߰Þ1;WHs}%ߺH"V|8s =J< r׺`F1_ H"51XJdz.JgeEt037 j1C(nbJ zI8F7l;͚;m֓Omj6^䅭}*4]67a\nq4ħEG:W\=4yD}n"(%7(-o֗6S(d#֗7VF)/?e#cF?~O۹y{}yпvF?Ӿ(3K7WQʿ//Č/3Y\f2?/?/3e*P93(ˌr߫ʐ+@;dN~kQ&7.ޯPO_23*>g9~P~U{mF$)cF5qvJEsQ^O2T}UUKC(ge3VNa{Ar!Wge_7C@/q>}}i&R+ ]YKxM}%kk[Z1nvd}חG{1Pi +{yD2 s hxVydb byeÿVPw;]CҤ]j.{%])r-XѧZ}5_99qLkdžȾ>ژz͉(c#h .Ñpx剹?|k2xq0@ۓ{o\pۭ⦠ϻ]O-~kOW=M-.nmG;yh#U]2"T_;YoG췡^? 쏧}=G}x[Йq%[ޢD);Fyk@-g}N4\șP=wap.w%^x6,0G1i!TH7304F{Wj`5)#Q IvCx]=bGОf@L V8e<>/j=1N45~/P<틒ՍPಓH+1IB m`Z(>/t} _X/K]v`;LxŇ tπxŶ/G㿄&I;0W׽~rh`=E('ѭ|\k,##1苌Y MЦ #{k*q8w i!sPFK_a "s HaCv:k2=ju"춯I׵g=8*n~!bY~l'PUE0@$=Cf K>QcЁ2^SXNՂ[#rF331F#qyU YT8[T"?&;Ŝz JJ @b S%Jvu =c,b9?v"ㅰx!Z^y|XT ,sD?>K:[1U)ւ_6/gwd#.X&">m?'.}Nu;Kx|j7^Oe]ZQYɶz SO~nO(Coݒ\k<>ciЄΧ^p穎TU|JA1^ŔK ]'[٧3й?-{/ e; M_{ QFbFݹ9N]Rjã ,c<ԭ<P0_C^M.vj]nBQXƺa#]hT_ !^UDǮs^kǺgym |Ua=tksa&igNbkc/φŀd_qxN|L/ة9uVul g)C2^#s!oYX&7ęV /kti( aaXe .^sƠ{ej xٚջHR#SL味Ðy6#xL ꟭eTUA$摝7yM1uc*P)V []jq۩ g۲M*d.%rR⊫_fDNƇ̚J܄;66BKFslx61]Cn)