0

A posting at Daily Dave, which is part of the Insecure.org security website, by the founder of a Moscow based security vendor called Gleg, would suggest that it's not a very good start to the new year for RealPlayer 11 users.

Gleg Ltd chief technology officer Evgeny Legerov made a very brief announcement regarding the exploit code, a stack overflow bug, which was revealed during a code audit as part of ongoing updates for the VulnDisco penetration testing software that Gleg sells. Interestingly, the posting also contained a link to an online Flash based demo showing the working code exploit in action.

According to Legerov, the version of RealPlayer that was tested an found vulnerable is 11, build 6.0.14.748 and a US-CERT warning confirms that RealPlayer 11 running under WIndows XP SP2 is effected by the exploit. That said, there would appear to be no evidence of this exploit being in the wild, no reports of end users being compromised, and no word from Real as to whether the code works or not, nor if a fix is forthcoming if it does. It has criticised Legerov for posting the exploit code demo without first contacting Real to enable them to investigate and patch oif necessary though.

1
Contributor
0
Replies
1
Views
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.