Realplayer Vulnerability

Started by Corrine, January 05, 2008, 06:42:27 PM


Corrine

See SANS Diary:  http://isc.sans.org/diary.html?storyid=3810

From:  http://secunia.com/advisories/28276/

Quote
RealPlayer Unspecified Buffer Overflow Vulnerability
Secunia Advisory: SA28276
Release Date: 2008-01-03

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: RealPlayer 11.x


Workaround:  Avoid Realplayer!


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

MikeW

Real Alternative 1.75    (Freeware)

Works well for me
Win 11 Home MS Edge - WD - Mbam Pro

Corrine

URL?  (Sorry, I'm all Googled out for today.  :lol: )



Ripley

There had been some broadcasts/interviews at my local NPR station (.ram & .smil files) that caused me to change my mind and install RealPlayer back in Sept.  I find it to be a most annoying media player.

If this is the one you are recommending Mike, I'll take the alternative > http://filehippo.com/download_real_alternative/

Thanks

Paddy

Just caught this thread and checked this one; I remember seeing something about this...

http://sunbeltblog.blogspot.com/


Quote
More on RealPlayer zero day
As sometimes goes in this business, misinformation slips through the cracks.

In my post earlier today, I had said that code had been published on this exploit, which makes it very serious.

However, it turns out that this is likely not the case. I was misinformed.

No source code published means a greatly reduced threat level.

I've updated my original blog post as well.

Alex Eckelberry
Quote


Heads-up: RealPlayer Zero Day
Update/Correction: I was misinformed -- it appears that the code has not actually been released, which greatly reduces the threat.


This is actually serious — an unpatched RealPlayer vulnerability.

The code has been published, but we have not seen it being used. However, it could go live at any minute.

There is no known workaround. While the vulnerability has been reported for version 11 of RP, it's unknown whether or not other versions (or alternatives) are affected.

With the current rash of malicious ad banners, one has to take extra care. The MySpace malicious banner ads were using the Neosploit exploit framework. This particular vulnerability, as far as we know, has not been released into that framework, but if it does, we have a real problem.

Heck, now is as good a time as any to get rid of that awful player.

More info:

Sans advisory (worth reading)
Secunia
FrSIRT

Alex Eckelberry
(Thanks Francesco)


numbnuts.. :shock:
This is one race of people for whom psychoanalysis is of no use whatsoever - Sigmund Freud (about the Irish)

Never argue with a fool, they will lower you to their level and then beat you with experience.

MikeW

Quote from: ripley on January 05, 2008, 09:50:42 PM
There had been some broadcasts/interviews at my local NPR station (.ram & .smil files) that caused me to change my mind and install RealPlayer back in Sept.  I find it to be a most annoying media player.

If this is the one you are recommending Mike, I'll take the alternative > http://filehippo.com/download_real_alternative/

Thanks

That's the one! Sorry, I should have posted the link.

Vietnam Vet

Real Alternative link: changelog, info, other download links, etc.
http://www.codecguide.com/about_real.htm

Same site as QuickTime Alternative which has an update topic located in the General Software News, Updates & Discussions forum. I can add in a topic for the Real Alternative, when I get a few minutes, if people want to be kept informed on the updates and changes for it, as well.

Paddy

Vietnam Vet, I know you are busy with all the updates you do here and other forums,
I for one wouldn't mind if you started a thread in the updates forum .. :Hammys pint:

Paddy... :thumbsup:

Vietnam Vet

Hi,

Well, it's been a little hectic for me for the last few days, but ironically, it had nothing to do with a computer. Will add that topic in as soon as possible.

Best wishes,
VV

Corrine

Thank you, VV.  I hope all is well now.  I know everyone else is as happy to see you back as I am -- just take time for R&R.  :rose:



Vietnam Vet

Hi Corrine,

We are doing OK here. Biggest problem lately has been time. Doesn't seem to be enough hours in the day any more. :)


Willy


I thought RealAlternative / QuickTime Alternative shared certain key components with RealPlayer / QuickTime. Are the alternatives actually any safer? (I prefer to use them, anyway)

Vietnam Vet

Hello Willy,

The latest version of Real Alternative v1.7.5 uses version 6.0.12.1662 of the RealMedia components rather than the version 6.0.14.748 components which are specifically flagged by the Secunia Advisory. That does not mean that version is not affected, just that it wasn't tested. No guarantees there.

Quote
Some advantages compared to RealPlayer:

Quick and easy install
It's easy to make an unattended installation
Proper uninstallation
No background processes
Use a player of your own choice
Low on resources
No advertising, no registration forms, nothing annoying

I do not use Real Alternative, or any media player for that matter, so I have no first hand knowledge, but it would seem to me that the biggest advantage to Real Alternative is the lack of the additional baggage that comes with RealPlayer. Media Player Classic is supposed to be able to play the RealMedia files better than other players and Real Alternative gives you the ability to easily use that option.

As with most situations, don't open untrusted media files or cruise untrusted websites. That is your safest option. Since the vulnerability in RealPlayer is caused by an unspecified error and no further information was made available, it would be hard to give an answer that was infallible.

Best wishes,
VV