Update to "RealPlayer Vulnerability Found in the Wild"

More Vulnerabilities Discovered; More Platforms Affected

Severity:

26 October 2007

Update:

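On Monday, 22 October, we published an alert about a serious vulnerability affecting RealPlayer 10.5 and RealPlayer 11 beta running on Windows. By enticing one of your users to a malicious Web site, an attacker could exploit this vulnerability to execute code on your user's computer, with your user's privileges. In the worst case scenario, the attacker could gain total control of the victim's PC. RealNetworks released a patch to fix the problem. However, it appears that update marked only the beginning of RealNetworks' security holes.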

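Late yesterday, RealNetworks released their second security update this week, this time fixing six serious vulnerabilities in their media player product line. Here is what you need to know about the new flaws.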

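The new flaws affect many more products than the earlier flaw, including products that run on OS X and Linux. The affected products now include:

  • RealPlayer 8, 10, 10.5, 11 for Windows, Mac and Linux
  • RealOne Player v1 and v2 for Windows and RealOne Player for Mac
  • RealPlayer Enterprise
  • Helix Player 10.0.x for Linux.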

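Although these new flaws differ from one another technically, they share many similarities. For example, all six flaws involve buffer overflow vulnerabilities triggered when RealPlayer parses specially crafted media files. They also share the same scope and impact. If an attacker can entice one of your users into downloading a maliciously crafted media file, and then playing it in RealPlayer, the attacker can exploit any one of these vulnerabilities to execute attack code on that user's computer. Depending on the user's privileges, the attacker could even exploit these flaws to gain control of the victim's machine. The only notable difference among the flaws is that the attacker uses a different media file format to exploit each one. The potentially dangerous media files that trigger these flaws are: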

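Unlike the flaw reported in our 22 October alert, RealNetworks has not found attackers exploiting these new flaws in the wild. Nonetheless, these security holes pose a serious threat to RealPlayer users. You should download, test and deploy these new patches as soon as you can, whether or not you applied the earlier RealPlayer update from Monday. How you download the update differs depending on which product you use. See the "Instructions" section of the RealNetworks security update for detailed directions on patching the different media player products.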

As a convenient reference, we’ve duplicated the 22 October RealPlayer alert, below. You can also find it in the LiveSecurity Latest Broadcasts archive.


Summary:

Late Friday, RealNetworks released a patch for a critical vulnerability affecting RealPlayer 10.5 and RealPlayer 11 beta running on Windows. By enticing one of your users to a malicious Web site, an attacker can exploit this vulnerability to execute code on your user’s computer, with your user’s privileges. In the worst case scenario, the attacker could gain total control of the victim’s PC. If you allow the use of RealPlayer in your network, have your users upgrade immediately.

Exposure:

RealPlayer and RealOne Player are widely used software for Internet media delivery. RealOne Player plays virtually every major Internet media format, including Windows Media, QuickTime, MPEG-4, and even DVDs. If you’ve watched streaming videos on the Internet, or listened to music samples while buying CDs online, you’ve probably encountered RealPlayer.

WatchGuard does not recommend using RealPlayer or RealOne Player, partly because both contain automatic communication features which, by default, let RealNetworks and RealNetworks’ “partners” (such as NASCAR and CNN) install software on your client computers. But in reality, many of your users have probably installed one of these products, with or without your permission.

In a security update released late Friday, RealNetworks warned of a new vulnerability that affects RealPlayer 10.5 and 11 beta running on Windows. (OS X and Linux users are not affected.) The flaw, discovered in the wild by Symantec, involves a buffer overflow vulnerability in one of RealPlayer’s ActiveX controls (specifically, ierpplug.dll). By enticing one of your users to a malicious Web site, an attacker can pass an over-long parameter to the vulnerable ActiveX control, which triggers the buffer overflow flaw. The attacker can then exploit the flaw to execute code on your user’s computer, inheriting your user’s privileges. Windows administrators often give users local administrator rights. If the exploit is successful in that context, the attacker would gain complete control of your user’s machine.

Symantec found attackers exploiting this vulnerability in the wild. In other words, the bad guys found the flaw first and are actively using it to break into computers. If you use RealPlayer in your network, this vulnerability poses a critical risk. You should apply RealNetworks’ update immediately.

Solution Path:

RealNetworks has released a patch to correct this vulnerability. Clients who use RealPlayer 10.5 or 11 beta in Windows should upgrade immediately, or remove the software entirely. You can download RealNetworks’ patch here.

For All WatchGuard Users:

The vulnerability described in our alert uses normal HTTP traffic, which you must allow for your users to browse the Web. If you use RealPlayer in your network, you should download RealNetworks’ update as soon as possible.

Status:

RealNetworks has issued a Security Update that fixes the problem.

References:

Symantec’s RealPlayer Alert

Written by bardissi.