 |  |  |  |  |  |  |  |
RealPlayer 11 zero-day exploit demo posted online
A posting at Daily Dave, which is part of the Insecure.org security website, by the founder of a Moscow based security vendor called Gleg, would suggest that it's not a very good start to the new year for RealPlayer 11 users.
Gleg Ltd chief technology officer Evgeny Legerov made a very brief announcement regarding the exploit code, a stack overflow bug, which was revealed during a code audit as part of ongoing updates for the VulnDisco penetration testing software that Gleg sells. Interestingly, the posting also contained a link to an online Flash based demo showing the working code exploit in action.
According to Legerov, the version of RealPlayer that was tested an found vulnerable is 11, build 6.0.14.748 and a US-CERT warning confirms that RealPlayer 11 running under WIndows XP SP2 is effected by the exploit. That said, there would appear to be no evidence of this exploit being in the wild, no reports of end users being compromised, and no word from Real as to whether the code works or not, nor if a fix is forthcoming if it does. It has criticised Legerov for posting the exploit code demo without first contacting Real to enable them to investigate and patch oif necessary though.
Gleg Ltd chief technology officer Evgeny Legerov made a very brief announcement regarding the exploit code, a stack overflow bug, which was revealed during a code audit as part of ongoing updates for the VulnDisco penetration testing software that Gleg sells. Interestingly, the posting also contained a link to an online Flash based demo showing the working code exploit in action.
According to Legerov, the version of RealPlayer that was tested an found vulnerable is 11, build 6.0.14.748 and a US-CERT warning confirms that RealPlayer 11 running under WIndows XP SP2 is effected by the exploit. That said, there would appear to be no evidence of this exploit being in the wild, no reports of end users being compromised, and no word from Real as to whether the code works or not, nor if a fix is forthcoming if it does. It has criticised Legerov for posting the exploit code demo without first contacting Real to enable them to investigate and patch oif necessary though.
Similar Threads
- RealPLayer Problem! (Windows NT / 2000 / XP)
- Internet Speed Getting Slower Day by Day (Viruses, Spyware and other Nasties)
- News Story: Visual Studio zero-day exploit code in the wild (Network Security)
- Creating an Online Demo (Promotion and Marketing Plans)
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Network Security Posts
- Today's Posts
- Unanswered Threads
advertising age amd android apple avatar bluegene botnet browser business cellphone censorship china chips copyright crime data database development dos downloads economy email encryption energy enterprise europe facebook firefox gadget games gaming google government hacker hacking hardware ibm ibm.news intelibm internet iphone ipod itunes law legal linux mac malware marketing mcafee medicine memory microsoft mobile mozilla music news openoffice opensource os pc phishing piracy porn privacy ps3 recession redhat report research russia search security sex socialnetworking software spam sun supercomputer supercomputing survey technology trends trojan twitter ubuntu uk video virus vista web windows windows7 working worm x86 xbox yahoo youtube
