RealPlayer flaws open PCs up to hijackers
- Subject: RealPlayer flaws open PCs up to hijackers
- From: Gary Stoneburner <gary.stoneburner@nist.gov>
- Date: Fri, 06 Feb 2004 10:22:08 -0500
- Content-Type: multipart/alternative; boundary="=====================_254169359==.ALT"
re:
http://zdnet.com.com/2100-1105_2-5154193.html
"RealNetworks acknowledged on Wednesday that three flaws affecting
different versions of its media player could allow attackers to create
corrupt music or video files that, when played, take control of a
victim's PC. The flaws, found by U.K.-based Next-Generation
Security Software, can affect RealNetworks' RealOne Player, RealOne
Player version 2, RealPlayer 8, RealPlayer 10 Beta, and the company's
RealOne Enterprise products. To exploit them, an attacker crafts the data
in a media file in a certain way. When people play or stream the
corrupted file in a vulnerable version of RealPlayer, the attacker's code
will run, compromising the PC."
Not too many years ago getting hacked through a music file would have
seemed ridiculous. But because of the way we have mingled data and
executable all bets are off :-).
Cheers,
Gary
**************************************************************************
* Opinions expressed are not intended to reflect an official
position
**************************************************************************
* Gary
Stoneburner
* Computer Security Division, National Institute of Standards &
Technology
* 100 Bureau Drive, Stop 8930, Gaithersburg, MD
20899-8930
* Phone: 301-975-5394, FAX: 301-948-0279, Email: Stoneburner@nist.gov
*
http://csrc.nist.gov/staff/stoneburner/gshome.html
**************************************************************************
Date Index |
Thread Index |
Problems or questions? Contact list-master@nist.gov