
[no subject]



	It's not exactly a "zero day" since it involves some user interaction
(like downloading the friggen file) but, yes, stupid human tricks are in
plentiful supply...

	IAC...  Confirmed.

	<a rel="nofollow" href="http://www.frsirt.com/exploits/20050926.helix4real.c.php">http://www.frsirt.com/exploits/20050926.helix4real.c.php</a>


	Commentary contained in the advisory along with the code:

&gt; To exploit this remotely, a user just needs to place the created file on a web site and provide
&gt; a link so users can click the file, launching RealPlayer and exploiting the vulnerability.
&gt; 
&gt; Real have been duly informed about this issue and are fixing. Sadly though, it seems someone
&gt; is trying to pinch my research, as such I have been forced to release this advisory sooner than
&gt; hoped. Until Real get a new release out, do not play untrusted media with RealPlayer or HelixPlayer.
&gt; Sorry Real.com!
&gt; 
&gt; Moral of the story, don't talk about personal research on IRC. Thank you plagiarizers.

	You basically have to click on an infected URL.

	Mike

&gt; S
&gt; 
&gt;  From the SANS website (<a rel="nofollow" href="http://isc.sans.org/diary.php?storyid=707">http://isc.sans.org/diary.php?storyid=707</a>):
&gt; 
&gt; &gt; Possible New Zero-Day Exploit for Realplayer
&gt; &gt;  
&gt; &gt; Published: 2005-09-27, Last Updated: 2005-09-27 04:54:47 UTC
&gt; &gt; FrSIRT is reporting a zero day exploit against client side Realplayer 
&gt; &gt; and Helix Player.  This exploit takes advantage of a format string 
&gt; &gt; error which can be exploited by using specially crafted &quot;.rp&quot; (realpix) 
&gt; &gt; or &quot;.rt&quot; (realtext) files.  The affected versions are
&gt; &gt;
&gt; &gt;  Helix Player 1.0.5 Gold and prior (Linux)
&gt; &gt;  RealPlayer 10.0.5 Gold and prior (Linux)
&gt; &gt;
&gt; &gt;  There is no known fix at this time.  
&gt; &gt; <a rel="nofollow" href="http://service.real.com/help/faq/security/">http://service.real.com/help/faq/security/</a> has not posted information 
&gt; &gt; on this yet.  Stay tuned for further updates as we have them.
&gt; 
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com  
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  <a rel="nofollow" href="http://www.wittsend.com/mhw/">http://www.wittsend.com/mhw/</a>
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!



</pre>
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00594" href="msg00594.html">[ale] Possible zero-day exploit (RealPlayer)</a></strong>
<ul><li><em>From:</em> stephen at bee.net (Stephen Cristol)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
</body>
</html>