- Related Stories
-
Image virus spreads via chat
September 30, 2004 -
JPEG exploit could beat antivirus software
September 29, 2004 -
Plug-in flaw leaves RealPlayer users open to attack
April 8, 2004
The problem means that fake movie files could be created that, when played by vulnerable Real software, would run a program instead. The flaw appears in RealPlayer 10 for Windows and Mac OS X, the RealOne Player for Windows and Mac OS X and the Real Helix Player for Linux.
"Anyone who has RealPlayer is affected, and there are many people with RealPlayer," said Marc Maiffret, chief hacking officer at software security company eEye Digital Security, the company that discovered the security issue.
RealNetworks could not immediately be reached for comment.
RealNetworks has issued patches for the flaw.
The flaw occurs in a component of Real's software that handles Real movie files with the .rm extension, according to eEye's advisory.
Similar to the recent flaw in Windows applications that handle the JPEG image format, this vulnerability affects a widespread piece of software and could be used to create a virus.
"It's similar to the JPEG flaw in the sense that just by viewing the file, or having the file 'force viewed' through a Web browser, your system can be compromised," Maiffret said. "I think both this JPEG vulnerability and the RealPlayer vulnerability are good examples of a type of threat that is becoming more prevalent: client-side vulnerabilities."
Rather than finding a security hole in the operating system and gaining direct access to a computer, attackers are now increasingly looking at exploiting widely used applications.
"Most security software...is not able to defend itself well against these client-based vulnerabilities, leaving companies with few alternatives other than patching," Maiffret said.
See more CNET content tagged:
RealNetworks Inc.,
RealNetworks RealPlayer,
REAL Software,
flaw,
Linux computer
- Where are the comments?
-
by
October 3, 2004 6:18 AM PDT
- I'm completely surprised by the lack of comments on this article.
-
Reply to this comment
-
-
- I would reply....
-
by Earl Benser
October 3, 2004 9:53 AM PDT
- ... but I trashed Real Player some time ago. It's hard to complain
-
View
reply
-
- Well
-
by simcity1976
October 3, 2004 1:26 PM PDT
- MS did it again, oh wait
-
-
(4 Comments)Where are the usual software bashers when a serious flaw is found in a product from a company other than Microsoft? And this affects Linux too! Can you believe it?! You'd think by some of the comments people make bashing MS and the software they create along with the encouragement to drop Windows and move to Linux that Linux didn't have any vulnerabilities at all. Of course, I find that most of the people making comments like that have no idea what they?re talking about to begin with.
If this had been a MS only issue the threads would have been flying in this forum.
about long gone software.
And as far as the company goes, while I do believe that it's staff
is generally less than technically competent, apparently the
company meets the same set of criteria people use to justify
M$'s existance. Well, maybe the net assets category is somewhat
lacking......
no they didn't my bad...