Jan 7th, 2008, 6:29 pm
A posting at Daily Dave, which is part of the Insecure.org security website, by the founder of a Moscow-based security vendor called Gleg, would suggest that it's not a very good start to the new year for RealPlayer 11 users.
Gleg Ltd chief technology officer Evgeny Legerov made a very brief announcement regarding the exploit code, a stack overflow bug, which was revealed during a code audit as part of ongoing updates for the VulnDisco penetration testing software that Gleg sells. Interestingly, the posting also contained a link to an online Flash-based demo showing the working exploit code in action.
According to Legerov, the version of RealPlayer that was tested and found vulnerable is 11, build 6.0.14.748, and a US-CERT warning confirms that RealPlayer 11 running under Windows XP SP2 is affected by the exploit. That said, there would appear to be no evidence of this exploit being in the wild, no reports of end users being compromised, and no word from Real as to whether the code works or not, nor whether a fix is forthcoming if it does. It has, though, criticised Legerov for posting the exploit code demo without first contacting Real to enable them to investigate and patch if necessary.
This blog entry was written by Bill Andad, staff writer aka newsguy. It has received 1,413 views, 0 comments, and 11 linkbacks. 1 voter has rated this entry 5 out of 5 stars. It was promoted to featured status Jan 7th, 2008.