p2pnet news | Music:- It’s déjà vu all over again for RealNetworks.

A couple of years back it was being hit with one security problem after another, including a remotely and locally exploitable hole identified in Realplayer and Helix Player, “which could be used by hackers to execute arbitrary commands,” as p2pnet posted at the time.

Now, hackers are actively exploiting an in-the-wild zero-day hole in RealNetworks’ RealPlayer media player with people using Microsoft Windows, says Symantec.

The vulnerability is hitting the latest versions of RealPlayer and RealPlayer 11 BETA and affects an ActiveX object in the RealPlayer component ierpplug.dll, it says, going on:

The DLL has been exploited in the past, although only remote denial of service was achieved at the time. It appears that the miscreants have refined their technique to achieve code execution. The parameter passed to the vulnerable method of the ActiveX control appears to allow only character strings, which is most likely why the shell code is made up of only English letters (A~Z) and numbers (0~9). These characters can be read directly by Intel IA-32 CPUs modifying machine code instructions on-the-fly.

The malicious .html page checks several versions of RealPlayer to determine if the installed application is vulnerable. If it is, the attacker can potentially take control of the computer. Trojan.Reapall, the sample we received, successfully exploits this RealPlayer vulnerability and downloads and executes a copy Trojan.Zonebac.

Additionally, when the vulnerability is successfully exploited, the clip named “videotest” from the “My Library” folder, available in standard installations of RealPlayer, will be played.

Anyone with RealPlayer installed is at risk as soon as they land on a malicious webpage, and the player doesn’t even need to be running, says Symantec.

However, RealNetworks has now released a fix, stressing:

“Macintosh and Linux versions of RealPlayer are not at risk for this vulnerability. In addition, RealPlayer 8 and earlier versions of RealNetworks software for Windows are not affected.”

Slashdot it!

Also See:
déjà vu – Critical RealPlayer security hole, September 28, 2005
Symantec – RealPlayer Exploit On The Loose, October 19,l 2007

---

Use free p2pnet newsfeeds for your site. It’s really easy!
Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php

---

Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for the download, and here for details. Click here or here to learn how to by-pass censorship in your area.

This entry was posted on Monday, October 22nd, 2007 at 10:20 am and is filed under Music. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

HOME

Viewed 1896 times