Post by Gilby Admirer on Dec 1, 2002 11:53:52 GMT -5
service.real.com/help/faq/security/bufferoverrun_player.html
Updated November 20, 2002
On November 1, 2002 a security exploit affecting RealOne Player was brought to the attention of RealNetworks.
The specific exploit is:
Commonly known as a "buffer overrun", this could allow an attacker to run arbitrary code on a user's machine.
We have not yet received reports of anyone actually being attacked with this exploit. However, RealNetworks has found and fixed the problem.
The bug occurs when a SMIL file has a large number of characters in its metadata: the player would crash when trying to play that SMIL file. The bug was fixed by fixing the player status code to handle the cases where there is a large number of characters in the metadata of a SMIL file.
The second bug is a problem with large file names, whether on a local/RTSP or HTTP URL. The player would crash when doing the following: if the user right-clicks in Now Playing and selects edit clip info, or right-clicks in Now Playing and selects copy to my Library. This issue was fixed by handling large file names appropriately.
The third bug is essentially a parsing error in the player code associated with loading sources within RealFlash presentations, commonly known as a "buffer overrun" bug which could theoretically be used by hackers to adversely affect users. The bug was fixed by improving the robustness of URL handling in this portion of the product.
Affected Software:
- RealOne Player and RealOne Player V2, US for Windows
- RealPlayer
Workaround:
We have not yet received reports of anyone actually being attacked with this exploit. To ensure that your RealPlayer is protected, we recommend installing the updates available.
RealOne Player for Windows
Go to the site above for the download to install the update.
Warranty:
While RealNetworks endeavors to provide you with the highest quality products and services, we cannot guarantee and do not warrant that the operation of any RealNetworks product will be error-free, uninterrupted or secure. See your original license agreement for details of our limited warranty or warranty disclaimer.
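Added example, not part of the original post and not RealNetworks' code: a bounded copy of a SMIL `<meta>` content value into a fixed-size status buffer, the class of fix the advisory describes for over-long metadata. The function names, the 64-byte buffer size and the simplified attribute scan are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define STATUS_MAX 64   /* assumed size of a fixed status-line buffer */

/* Unsafe pattern for comparison: strcpy(status, value) trusts the length of
 * a value taken from the file, so a long metadata string overruns status.
 *
 * Hardened form: locate content="..." in one <meta> element (simplified
 * scan, not a full XML parser) and copy it into out[cap], never writing
 * past cap. Returns 0 if copied whole, 1 if truncated, -1 if malformed. */
int smil_meta_content(const char *meta, char *out, size_t cap)
{
    static const char key[] = "content=\"";
    const char *start, *end;
    size_t len;

    if (!meta || !out || cap == 0) return -1;
    out[0] = '\0';
    start = strstr(meta, key);
    if (!start) return -1;              /* no content attribute */
    start += sizeof key - 1;
    end = strchr(start, '"');
    if (!end) return -1;                /* unterminated attribute value */
    len = (size_t)(end - start);
    if (len >= cap) {                   /* too long: truncate, keep NUL */
        memcpy(out, start, cap - 1);
        out[cap - 1] = '\0';
        return 1;
    }
    memcpy(out, start, len);
    out[len] = '\0';
    return 0;
}

/* Constructed sample input: a <meta> element with a 500-character title. */
int demo_long_title(char *status, size_t cap)
{
    char meta[600] = "<meta name=\"title\" content=\"";
    size_t n = strlen(meta);
    memset(meta + n, 'A', 500);
    strcpy(meta + n + 500, "\"/>");     /* fits: 28 + 500 + 4 bytes < 600 */
    return smil_meta_content(meta, status, cap);
}

int main(void)
{
    char status[STATUS_MAX];
    int rc = demo_long_title(status, sizeof status);
    printf("rc=%d stored=%zu bytes\n", rc, strlen(status));
    return 0;
}
```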