Posted on 01/25/2002 6:49:06 AM PST by Reaganwuzthebest
RealNetworks will release a patch for a security flaw in its RealPlayer 8 software that could allow a rogue site to crash the player and potentially execute malicious code.
According to a company spokesperson, the patch will correct a buffer overflow bug reported to RealNetworks last week by Tim Morgan, an Oregon-based security expert. The media firm will distribute the patch to users through its automatic update service beginning Friday.
The RealPlayer 8 is used by millions of Internet media fans to play a variety of audio and video file types, including proprietary formats developed by RealNetworks. The player is installed on 90 percent of all home PCs in the U.S., according to the company.
By altering the header information in Real media files, it is possible to overflow the player's memory buffers and cause it to crash, Morgan discovered. As a demonstration, Morgan posted at his site a modified version of a sample media file that ships with the RealPlayer.
Morgan said that tests have shown that both the Windows and Unix versions of RealPlayer 8 contain the flaw.
Buffer overflow bugs, such as the recent universal plug-and-play flaws found in Windows XP, are dangerous because they can allow attackers to force the system to run "arbitrary code" after the program crashes.
Morgan categorized the RealPlayer 8 flaw as a medium security risk because he was unable to determine how to exploit the flaw to run such code. But he said others with more skill may be able to exploit the vulnerability.
"It is just a matter of time before someone discovers a string that gets them onto the stack with arbitrary code execution. That is, if someone hasn't already," wrote Morgan in an updated advisory published today at his Web site and submitted to security mailing lists.
According to RealNetworks representative Erika Shaffer, the firm believes the security flaw can only be used for a denial-of-service attack.
"The bug as far as we can see doesn't allow an attacker to run their own programs, and we have had no other reports about it," said Shaffer.
Marc Slemko, a Seattle-based security expert and co-founder of the Apache Software Foundation, said that many buffer overflow bugs can be exploited to run code. But he noted that "there are a variety of things that could conspire to prevent an exploit from being easy or possible."
"If an exploit is found and disseminated through the black hat community, the impact could be very far reaching," said Morgan.
The RealPlayer is the second most widely used Internet-based software application in the world, according to RealNetworks. Yet the program has been relatively free of security flaws.
A software vulnerability database maintained by SecurityFocus, a security information and consulting firm, shows that the most recent prior bug in RealPlayer was publicized in April 2000. That flaw, also a buffer overflow, was limited to the Windows version of the player, according to the reporter.