p2p news / p2pnet:- Real Networks’ RealPlayer download application has been plagued by critical security holes, and now another has turned up.

A remotely and locally exploitable vulnerability has been identified in Realplayer and Helix Player, which could be used by hackers to execute arbitrary commands, says FrSIRT Advisory.

“This issue is due to a format string error when processing a specially crafted ‘.rp’ (relpix) or ‘.rt’ (realtext) file, which could be exploited by an attacker to take complete control of an affected system by convincing a user to open a malformed rp/rt file,” it says, going on:

“The exploit code will execute a remote shell under the permissions of the user running the media player, and effects all versions of RealPlayer and Helix Player.”

FrSIRT says it’s not aware of any official supplied patch for the hole.

Something you think we should know? tips[at]p2pnet.net

See:-
plagued - RealNetworks danger warning, June 24, 2005
FrSIRT Advisory - Realplayer and Helix Player Remote Format String Vulnerability, September 26, 2005

This entry was posted on Wednesday, September 28th, 2005 at 7:03 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 2179 times