P2P-Zone

P2P-Zone (http://www.p2p-zone.com/underground/index.php)
-   Peer to Peer (http://www.p2p-zone.com/underground/forumdisplay.php?f=5)
-   -   Real Player Struck By Massive Security Hole (http://www.p2p-zone.com/underground/showthread.php?t=18718)

JackSpratts 07-02-04 08:18 PM
Real Player Struck By Massive Security Hole
 
System Access Just One Song Away

Kieren McCarthy

Media player Real Player - one of the most used pieces of software on the Internet - has been struck by several highly critical vulnerabilities that could allow a malicious user system access to your PC.

Jouko Pynnönen and Mark Litchfield of NGSSoftware have discovered that by creating altered media and Real Media files (with the filenames .rp, .rt, .ram, .rpm and .smil) it is possible to cause a buffer overflow and run code on the user’s PC.

All the user would have to do is click on the link and the file’s author would be able to run whatever program they liked on the host PC. This is not good.

Thankfully, the discoverers informed Real and kept schtum until the company had produced a patch, which was made available today. The issue affects virtually all the company’s players including RealPlayer 8, RealPlayer 10, RealOne Player v1, RealOne Player v2 and RealOne Enterprise Desktop.

It is strongly advised, therefore, that anyone with a Real Player click on the Tools menu and “Check for Update” to download the necessary patches. The problem though - as ever - is how many people will, how long it will take them and how much trouble can be created in the meantime.

A huge percentage of Real users make sure that automatic updating is turned off due to the company's constant efforts to get them to upgrade to a pay-for version of the player. Even if the update check is run, the 9MB update to fix the vulnerabilities is not very clearly flagged and doesn't appear to be very important. Real, it seems, still has much to learn about how to deal with security holes.

For more info visit Real’s site here, or NGSSoftware’s page on the problem here.
http://www.techworld.com/news/index....ews&NewsID=986

AweShucks 07-02-04 09:27 PM
If it wasn't for some websites forcing you to use Realplayer for streaming video would anyone even use this garbage:PO:

Quote:
Real, it seems, still has much to learn about how to deal with security holes.
They got alot more to learn than just that :RE:

Squid 07-02-04 11:00 PM
Buffering............................

zombywoof 08-02-04 12:43 AM

napho 08-02-04 05:24 AM
Quote:
Originally posted by zombywoof
No need to:

Real Alternative

Works with Media Player Classic .

Unfortunately many streams don't work with the Real Alternative. You could download them but sometimes webmasters play hide and seek with their content and it becomes difficult.

zombywoof 08-02-04 08:14 AM

theknife 08-02-04 08:54 PM
i hate #&*% Real Player:MAD:

i have to use it to load my Rio mp3 player...what should be just a simple drag-and-drop operation is a bloated, tedious, time consuming process via Real Player.

zombywoof 08-02-04 10:42 PM

Mazer 09-02-04 12:22 AM
Fortunatly RealOne crashes every time I try to play a stream on my computer, so I have no temptations to use it anymore. ;)


All times are GMT -6. The time now is 09:24 AM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
© www.p2p-zone.com - Napsterites - 2000 - 2024 (Contact grm1@iinet.net.au for all admin enquiries)