A Real exploit
RealNetworks has announced that a vulnerability in the popular RealOne Player and the RealPlayer could let an attacker take over a victim's computer. According to an email published on Bugtraq, both the RealPlayer and the RealOne Player suffer from exploits. NGSSoftware first discovered the bug and reported it to RealNetworks on November 1. NGS says a buffer overflow error occurs when a large amount of data is flooded into a couple of different files, one called the synchronized multimedia integration language (SMIL) file. Two other overflow errors occur when a victim tries to access a particular file either locally or remotely. The resulting data flood causes the RealPlayer's and the RealOne Player's security controls to be compromised.

Even after the patch today, the NGS analyst who discovered the bug said the patch doesn't work. In an interview with The Register, Mark Litchfield said, "The problem is still out there." This was confirmed by Progressive Networks also. They have said that there is confusion about this bug. More here

posted by tommEE  # 11/27/2002 12:42:00 AM
Comments: Post a Comment



<< Home

archives


This page is powered by Blogger. Isn't yours?