Viral movies possible with RealNetworks' RealPlayer flaw

GristyMcFisty warns us that there is a flaw in RealNetworks' RealPlayer media player software. The flaw allows fake movie files to be
played which can launch a program instead. The problem appears in RealPlayer 10 for Windows and Mac OS X, the
RealOne Player for Windows and Mac OS X and the Real Helix Player for
Linux.


"Anyone who has RealPlayer is affected, and there are many people
with RealPlayer," said Marc Maiffret, chief hacking officer at software
security company eEye Digital Security, the company that discovered the
security issue.


Similar to the recent flaw in Windows applications
that handle the JPEG image format, this vulnerability affects a widespread
piece of software and could be used to create a virus.


"It's similar to the JPEG flaw in the sense that just
by viewing the file, or having the file 'force viewed' through a Web
browser, your system can be compromised," Maiffret said. "I think both
this JPEG vulnerability and the RealPlayer vulnerability are good examples
of a type of threat that is becoming more prevalent: client-side
vulnerabilities."


Rather than finding a security hole in the operating
system and gaining direct access to a computer, attackers are now
increasingly looking at exploiting widely used applications.


"Most security software...is not able to defend itself
well against these client-based vulnerabilities, leaving companies with
few alternatives other than patching," Maiffret
said.

You have been
warned...

Source: News.com

No posts to display