discogail
April 2nd, 2003, 11:34 AM
RealNetworks Releases Security Update to Address RealOne Player, RealPlayer Security Vulnerabilities.
Updated March 27, 2003
On March 7, 2003, a security exploit affecting RealOne Player and RealPlayer 8 was brought to the attention of RealNetworks.
The specific exploit was:
By creating a specifically corrupted PNG (Portable Network Graphics) file, it is possible to cause heap corruption to occur, allowing an attacker to execute arbitrary code on a user's machine.
While we have not received reports of anyone actually being attacked with this exploit, all security vulnerabilities are taken very seriously by RealNetworks. RealNetworks has found and fixed the problem.
This vulnerability was due to the usage of an older, vulnerable version of a data-compression library within the RealPix component of the Player. The vulnerability was fixed by using an updated (non-vulnerable) version of this data-compression library in RealPix.
In addition to fixing the reported vulnerability, RealNetworks performed a review of all of the RealOne Player source code to identify other areas where this data-compression library is used. As a result of this review, several additional Player components have also been fixed, and are included in the provided updates.
Affected Software:
RealOne Player and RealOne Player v2 for Windows (all language versions), RealPlayer 8 for Windows (all language versions), RealPlayer 8 for Mac OS 9, RealOne Player for Mac OS X, RealOne Enterprise Desktop Manager and RealOne Enterprise Desktop (all versions).
The Helix DNA Client is not affected by this vulnerability.
Workaround:
To ensure that your Player is protected, we recommend installing the updates available.
UPDATES
Windows Players:
Please use the following steps to update your RealOne Player and RealPlayer8:
RealOne Player (6.0.10.505), RealOne Player version 2 (6.0.11.853):
Go to the Tools menu.
Select "Check for Update".
Select the box next to the "Security Update - March 2003" component.
Click the Install button to download and install the update.
RealPlayer 8 (version 6.0.9.584):
Go to the Help menu.
Select "Check for Update".
Select the box next to the "Security Update - March 2003" component.
Click the Install button to download and install the update.
RealOne Player for OS X:
Please go to http://forms.real.com/real/realone/mac.html to download an updated RealOne Player.
RealPlayer 8 for MacOS 9 (version 6.0.9.584):
Please click here to download the update archive, and then follow these steps to install the updated components:
Decompress the update archive using Stuffit Expander.
Close (quit) the RealPlayer if currently running.
Copy the following update files from the archive
pxpf60.dll
pxpr60.dll
pxgr60.dll
pxcpng60.dll
httpfsys60.dll
swfrend60.dll
to the System Folder:Application Support:Real:Plugins folder, which can be opened through the following -
Open the System Folder
Open the Application Support folder within the System Folder
Open the Real folder within the Application Support folder
Open the Plugins folder with the Real folder
Select "Okay" when asked to replace older items with the same names.
Acknowledgement:
The vulnerabilities were discovered with the help of Carlos Sarraute and Juliano Rizzo of Core Security Technologies.
Updated March 27, 2003
On March 7, 2003, a security exploit affecting RealOne Player and RealPlayer 8 was brought to the attention of RealNetworks.
The specific exploit was:
By creating a specifically corrupted PNG (Portable Network Graphics) file, it is possible to cause heap corruption to occur, allowing an attacker to execute arbitrary code on a user's machine.
While we have not received reports of anyone actually being attacked with this exploit, all security vulnerabilities are taken very seriously by RealNetworks. RealNetworks has found and fixed the problem.
This vulnerability was due to the usage of an older, vulnerable version of a data-compression library within the RealPix component of the Player. The vulnerability was fixed by using an updated (non-vulnerable) version of this data-compression library in RealPix.
In addition to fixing the reported vulnerability, RealNetworks performed a review of all of the RealOne Player source code to identify other areas where this data-compression library is used. As a result of this review, several additional Player components have also been fixed, and are included in the provided updates.
Affected Software:
RealOne Player and RealOne Player v2 for Windows (all language versions), RealPlayer 8 for Windows (all language versions), RealPlayer 8 for Mac OS 9, RealOne Player for Mac OS X, RealOne Enterprise Desktop Manager and RealOne Enterprise Desktop (all versions).
The Helix DNA Client is not affected by this vulnerability.
Workaround:
To ensure that your Player is protected, we recommend installing the updates available.
UPDATES
Windows Players:
Please use the following steps to update your RealOne Player and RealPlayer8:
RealOne Player (6.0.10.505), RealOne Player version 2 (6.0.11.853):
Go to the Tools menu.
Select "Check for Update".
Select the box next to the "Security Update - March 2003" component.
Click the Install button to download and install the update.
RealPlayer 8 (version 6.0.9.584):
Go to the Help menu.
Select "Check for Update".
Select the box next to the "Security Update - March 2003" component.
Click the Install button to download and install the update.
RealOne Player for OS X:
Please go to http://forms.real.com/real/realone/mac.html to download an updated RealOne Player.
RealPlayer 8 for MacOS 9 (version 6.0.9.584):
Please click here to download the update archive, and then follow these steps to install the updated components:
Decompress the update archive using Stuffit Expander.
Close (quit) the RealPlayer if currently running.
Copy the following update files from the archive
pxpf60.dll
pxpr60.dll
pxgr60.dll
pxcpng60.dll
httpfsys60.dll
swfrend60.dll
to the System Folder:Application Support:Real:Plugins folder, which can be opened through the following -
Open the System Folder
Open the Application Support folder within the System Folder
Open the Real folder within the Application Support folder
Open the Plugins folder with the Real folder
Select "Okay" when asked to replace older items with the same names.
Acknowledgement:
The vulnerabilities were discovered with the help of Carlos Sarraute and Juliano Rizzo of Core Security Technologies.