High-Risk RealPlayer Flaws Patched - 1

RealNetworks rolls out new versions of its flagship media player software to fix a pair of potentially dangerous security holes.

RealNetworks Inc. on Wednesday rolled out new versions of its flagship RealPlayer software to zap a pair of potentially dangerous security bugs.

In an advisory, the digital media company, based in Seattle, confirmed that the security holes could cause buffer overflows and allow an attacker to run malicious code on vulnerable machines.

Affected products include RealPlayer 8, RealPlayer 10.x, RealOne Player v1 and v2, Helix Player 1.x and the RealPlayer Enterprise 1.x.

Independent research outfit Secunia rates the flaws as "highly critical."

RealNetworks is urging RealPlayer users to upgrade to the fixed versions via the "check for update" feature on the media player.

Patches for RealPlayer Enterprise can be downloaded here, while separate download locations for Linux users and customers running the Helix Player have also been posted online.

iDefense Inc., the research company credited with reporting one of the vulnerabilities, said the most serious bug could cause remote exploitation of a stack-based buffer overflow vulnerability in the SMIL (Synchronized Multimedia Integration Language) file format parser.

/zimages/5/28571.gifRead more here about iDefense disclosing a vulnerability in a popular Web stats logging application.

SMIL is a markup language used for specifying how and when a media clip is played within a presentation and is supported within the RealPlayer infrastructure.

iDefense warned that an attacker could craft a malicious .smil file and convince a user to open it.

"An attacker could also force a web browser to refresh and automatically load the .smil file from a normal Web page under the attackers control," according to the iDefense advisory.

In default installations of RealPlayer under Windows, the company said the Internet Explorer browser will not prompt the user for an action when encountering a .smil file. "It will open it without delay, thus allowing a more effective method of exploitation."

A second boundary error within the processing of WAV files can be exploited to cause a buffer overflow via a specially crafted WAV file, RealNetworks said, crediting U.K.-based NGS (Next Generation Security) Software Ltd. for reporting the flaw.

The patches from RealNetworks come as crosstown rival Microsoft Corp. is struggling to deal with bugs in its Windows Media Player and points to a growing trend of using digital media files for cracker attacks.

/zimages/5/28571.gifTo read more about Microsofts difficulties in preventing attacks through its Windows Media Player, click here.

Last month, security researchers warned that attackers could combine two unrelated—and unpatched—vulnerabilities in RealPlayer and Internet Explorer to launch malicious hacker attacks on PCs.

Exploit code that could cause system bypass attacks was released on the Web, potentially putting millions of RealPlayer users at risk.

/zimages/5/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.