A RealNetworks security patch for its media player software is
flawed, leaving millions of users at risk of attacks, a security
researcher warned yesterday.
RealNetworks last week posted a software update on its Web site to
fix three security flaws in the Windows versions of the RealOne
Player and RealPlayer.
An attacker could take over a computer running the media player
software by encouraging a user to download a malformed file,
RealNetworks said in a security advisory posted on its Web site
last week.
However, the software patch "does not do its job", according to
Mark Litchfield, a security researcher with Next Generation
Security Software.
It is still possible to cause a buffer overrun by making a couple
of simple modifications to the attacks on the software, Litchfield
said. He alerted RealNetworks and is now helping the company come
up with a fix that plugs the security holes.
In a buffer overrun attack, an attacker exploits an unchecked
buffer in a program to load their own code onto a system and run
that.
RealNetworks confirmed in a statement yesterday that Litchfield is
looking at a new security fix and that this should be posted
"shortly". The company said it took all buffer overrun bugs
seriously, but added that Litchfield "has not been able to
demonstrate how to exploit the buffer overruns for malicious
intent".
Litchfield has tested several new patches, but all were flawed.
"The third one last night had only one overflow, so I am hoping
they will have a final patch out in the next two days or so," he
said.
The original patch was not offered to Litchfield for testing,
although he did offer to test it when he first told RealNetworks
about the flaws on 1 November.