更新到â€在Wildâ 發現的œRealPlayer€弱點
被發現的更多弱點; 受影響的更多平臺
嚴肅: 高
2007年10月26日,
更新:
在星期一10月22日,我們出版了 戒備 關於在窗口影響RealPlayer 10.5和RealPlayer 11 beta賽跑的一個嚴肅的弱點。 通過誘惑你的一名用戶到一個惡意網站,攻擊者在您的用戶的計算機可能利用這個弱點執行代碼,以您的用戶的特權。 在最壞的情景,攻擊者能取得總對受害者的個人計算機控制。 RealNetworks發布了補丁給問題的固定。 然而,看起來更新指示了RealNetwork安全孔起點。
晚昨天, RealNetwork發布了第二批 安全更新 這個星期,這次在他們的傳媒播放裝置產品系列的固定六個嚴肅的弱點。 這什麼您需要知道新的缺點。
新的缺點比更加早期的缺點,包括在OS x和Linux跑的產品影響許多產品。 受影響的產品現在包括:
- RealPlayer 8, 10, 10.5, 11為窗口, Mac和Linux
- RealOne球員v1和v2為窗口和RealOne球員屬於Mac
- RealPlayer企業
- 螺旋球員10.0.x為Linux。
雖然這些新的缺點與互相技術上不同,他們分享許多相似性。 例如,全部六個缺點介入 緩衝溢出弱點 觸發,當RealPlayer解析特別地被製作的中檔案。 他們也分享同一範圍和衝擊。 如果攻擊者可能誘惑你的一名用戶入下載一本惡意地被製作的中檔案,則演奏它在RealPlayer,攻擊者在那名用戶的計算機可能利用這些弱點中的任一個執行攻擊代碼。 根據用戶的特權,攻擊者能甚而利用這些缺點取得對victimr的機器控制。 在缺點中的唯一的著名的區別是攻擊者使用一個不同的中檔案格式剝削每一個。 觸發這些缺點的潛在地危險中檔案是:
- RealMedia文件 (.rm)
- MP3 音頻文件(.mp3)
- 閃光 文件(.swf)
- RealAudio變數據 文件(.ram)
- 播放表 文件(.pls)
- 同步的多媒體綜合化語言 文件(.smil)。
不同於報道的缺點在我們的10月22日機敏, RealNetworks有 沒有 被發現的攻擊者在狂放的利用這些新的缺點。 但是,這些安全孔形成一個嚴重的威脅RealPlayer用戶。 當您能,您應該下載,測試和部署這些新的補丁, 是否您從星期一運用了早先RealPlayer更新. 怎麼您下載更新根據哪個產品不同您使用。 參見「指示」部分 RealNetworks security update for detailed directions on patching the different media player products.
As a convenient reference, we’ve duplicated the 22 October RealPlayer alert, below. You can also find it in the LiveSecurity Latest Broadcasts archive.
Summary:
Late Friday, RealNetworks released a patch for a critical vulnerability affecting RealPlayer 10.5 and RealPlayer 11 beta running on Windows. By enticing one of your users to a malicious Web site, an attacker can exploit this vulnerability to execute code on your user’s computer, with your user’s privileges. In the worst case scenario, the attacker could gain total control of the victim’s PC. If you allow the use of RealPlayer in your network, have your users upgrade immediately.
Exposure:
RealPlayer and RealOne Player are widely-used software for Internet media delivery. RealOne Player plays virtually every major Internet media format, including Windows Media, Quicktime, MPEG-4, and even DVDs. If you’ve watched streaming videos on the Internet, or listened to music samples while buying CDs online, you’ve probably encountered RealPlayer.
WatchGuard does not recommend using RealPlayer or RealOne Player, partly because both contain automatic communication features which, by default, let RealNetworks and RealNetwork’s “partners” (such as NASCAR and CNN) install software on your client computers. But in reality, many of your users have probably installed one of these products, with or without your permission.
In a security update released late Friday, RealNetworks warned of a new vulnerability that affects RealPlayer 10.5 and 11 beta running on Windows. (OS X and Linux users are not affected.) The flaw, discovered in the wild by Symantec, involves a buffer overflow vulnerability in one of RealPlayer’s ActiveX controls (specifically, ierpplug.dll). By enticing one of your users to a malicious Web site, an attacker can pass an over-long parameter to the vulnerable ActiveX control, which triggers the buffer overflow flaw. The attacker can then exploit the flaw to execute code on your user’s computer, inheriting your user’s privileges. Windows administrators often give users local administrator rights. If the exploit is successful in that context, the attacker would gain complete control of your user’s machine.
Symantec found attackers exploiting this vulnerability in the wild. In other words, the bad guys found the flaw first and are actively using it to break into computers. If you use RealPlayer in your network, this vulnerability poses a critical risk. You should apply RealNetwork’s update immediately.
Solution Path:
RealNetworks has released a patch to correct this vulnerability. Clients who use RealPlayer 10.5 or 11 beta in Windows should upgrade immediately, or remove the software entirely. You can download RealNetwork’s patch here.
For All WatchGuard Users:
The vulnerability described in our alert uses normal HTTP traffic, which you must allow for your users to browse the Web. If you use RealPlayer in your network, you should download RealNetwork’s update as soon as possible.
Status:
RealNetworks has issued a Security Update that fixes the problem.
References:
Written by bardissi. Read more great feeds at is source WEBSITE
no comments.
Read more articles on Watchguard and Student Computing and Non-Profits and Spyware & Malware and Computer Security and Microsoft and Network Infrastructure and Windows XP and Business Computer Support and Home Computer Support and Non-Profit Technology and Windows Vista.
- [+] Digg: Feature this article
- [+] Del.icio.us: Bookmark this article
- [+] Furl: Bookmark this article
