NGSSoftware Insight Security Research Advisory Name: REAL One Player code execution through malformed media file Systems Affected: RealOne Player (English), RealOne Player v2 (all languages), RealPlayer 10 (English, German and Japanese), RealPlayer 8 (all languages), RealPlayer Enterprise (all versions, standalone and "as configured" by the RealPlayer Enterprise Manager) Severity: High Vendor URL: http://www.real.com Author: John Heasman [ john at ngssoftware.com ] Date of Public Advisory: 11th June 2004 Advisory number: #NISR11062004 Advisory URL: http://www.nextgenss.com/advisories/realra.txt Description *********** RealOne and RealPlayer are the most widely used products for internet media delivery. There are currently in excess of 200 million users that use these products worldwide. Details ******* By crafting a malformed .RA, .RM, .RV or .RMJ file it possible to cause heap corruption that can lead to execution of arbitrary code. By forcing a browser or enticing a user to a website containing such a file, arbitrary attacker supplied code could be executed on the target machine. This code will run in the security context of the logged on user. Another attacker vector is via an e-mail attachment. NGSResearchers have created reliable exploits to take advantage of these issues. Due to the ease of exploitation these vulnerabilities should be considered as high risk and customers are urged to update their players as soon as is possible. Fix Information *************** For the various fix options available for different types of REAL products, NGS suggest visiting http://service.real.com/help/faq/security/040610_player/EN/ for detailed information. About NGSSoftware ***************** NGSSoftware design, research and develop intelligent, advanced application security assessment scanners. Based in the United Kingdom, NGSSoftware have offices in the South of London and the East Coast of Scotland. NGSSoftware's sister company NGSConsulting, offers best of breed security consulting services, specializing in application, host and network security assessments. http://www.ngssoftware.com/ Telephone +44 208 401 0070 Fax +44 208 401 0076 enquiries@ngssoftware.com