Your browser does not seem to support CSS. If images appear below, please disregard them.
1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31
Sponsored Links
Latest Postings
· Blackbeard.....
by Gremelin on 10/06/15 01:01 AM
Topic Options
Rate This Topic
#37382 - 11/27/02 01:23 AM RealNetworks pulls media player patch
Joined: Mar 2002
Posts: 562
Le4rner Offline
UGN Supporter
Le4rner Offline
UGN Supporter

Joined: Mar 2002
Posts: 562
RealNetworks has pulled down a patch that aimed to fix flaws in its popular media player software after the developer who discovered the problems said the fix doesn't work.

The vulnerabilities, which appear in the streaming media company's RealOne Player and Real Player, could affect as many as 115 million users of the software worldwide.

RealNetworks posted a patch last week, but NGSSoftware engineer Mark Litchfield on Tuesday said he was able to easily work around the fixes by making relatively minor changes to his attacks on the software.

"Whatever they did is not sufficient," Litchfield said, adding that he's still working with the company on a better patch.

The three flaws could result in what's known as a "buffer overflow," a memory problem that could compromise security controls and theoretically allow an attacker to take control of a PC running the Real media player.

The intruder could exploit the security holes by encouraging unsuspecting PC users to download files with overly long file names or other distorted features, according to NGSSoftware, the security company that first discovered the flaws.

RealNetworks said that the problems were only theoretical at this point and that the discoverer of the security holes could not actually demonstrate how to exploit the bugs to take over a PC.

"We have not yet received reports of anyone actually being attacked with this exploit," RealNetworks said in a posting on its Web site.

NGSSoftware notified the Seattle-based streaming media company of the problems Nov. 1, but kept the findings a secret until RealNetworks could post a patch for them. The U.K.-based security company sent its findings to the NTBugtraq mailing list after RealNetworks first said it fixed the flaws.

RealNetworks representatives did not immediately return calls seeking comment on the patch problems.

Sponsored Links
#37383 - 11/27/02 02:27 AM Re: RealNetworks pulls media player patch
Joined: Oct 2002
Posts: 955
jonconley Offline
UGN Super Poster
jonconley Offline
UGN Super Poster

Joined: Oct 2002
Posts: 955
Merrill, IA, USA
I just wanna say I hate realone player. It keeps taking over associations even after I unassociate them. I only have the player b/c I need to codec to convert .rm to .mp3 with streambox ripper. I personally do not trust real networks at all. Above is an example, and they have had a history of violating people's privacy rights.

Do yourself a favor. Boycott using their system. If someone's website serves/streams only in realmedia, then email the webmaster/admin and let them know. Quote some of the articles that show violations of privacy or security holes such as above. Also, being proprietary sucks ass. There were a few players that could play real media, but they complained.


Member Spotlight

Portland, OR; USA
Posts: 7,194
Joined: February 2002
Show All Member Profiles 
Forum Statistics
Most Online1,567
Apr 25th, 2010
Top Posters(All Time)
UGN Security 34,827
Gremelin 7,194
§intå× 3,255
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Newest Members
Jan Havelles, Herbert_Sherbert, codemauve, Lillysdragon1984, Brewwit
2158 Registered Users
Who's Online Now
1 registered members (Gremelin), 101 guests and 162 spiders.
Key: Admin, Global Mod, Mod
Latest News
▼ Our Sponsors ▼

▲ Our Sponsors ▲