Vulnerabilities Leave RealPlayer Open To Attack

iDefense is warning users of several critical vulnerabilities in several versions of its online media application, RealPlayer, that could open the door for a remote code execution attack on both Windows and Mac systems, according to iDefense Labs security blog.

Altogether, the vulnerabilities affect RealPlayer, an application for playing online media files, in Windows versions 11.0 through 11.0.4, Windows 10.5, Mac RealPlayer 10, RealPlayer 10.1.0.3830 on Linux.

One of the critical vulnerabilities is a buffer overflow issue within RealPlayer when it handles compressed GIF files. Specifically, the error occurs in the CGIFCodec::InitDecompress() function and could lead to heap corruption, which can pave the way for attackers to execute malicious code remotely.

If exploited, an attacker could launch malicious code on a user's system by enticing a victim into opening an RTSP (Real Time Streaming Protocol) stream. Once the victim opened the stream, the attack would inject a malformed compressed GIF image into a RTSP stream, launching malicious code onto the user's system.

Additionally, an attacker could also host a malicious Web site and then entice a victim to visit the page, which would immediately download malware onto their systems.

iDefense Labs said that other attack vectors might exist.

Additionally, RealNetworks, which develops RealPlayer application, has released patches addressing two other critical integer overflow vulnerabilities that can lead to remote code execution attacks if left unaddressed.

One of those vulnerabilities includes an integer overflow issue that was detected when the RealPlayer system undergoes a "chunked" transfer encoding method, a process which breaks the file the server is sending into digestible "chunks." The error occurs when the server is processing the "chunks," resulting in a heap overflow vulnerability and opening up a security hole that enables remote attackers to launch malicious code on a user running the application.

Attackers can exploit the flaw by persuading a user to use RealPlayer when opening a specially crafted media file, usually conducted via an infected Web page using the RealPlayer plug-in or by a link embedded in an e-mail directing them to a malicious file. Attackers will then be able to install code allowing them to infiltrate and take complete control of a user's computer.

Meanwhile, a third memory corruption error exists in the CMediumBlockAllocator::Alloc method, that can also open up a security hole enabling malicious attacks.

In a successful attack scenario, a hacker would also have to entice a RealPlayer user to open a specially crafted media file, typically through some social engineering scheme. The user could become infected by opening a contaminated Web site or infected link, embedded in an e-mail, redirecting a user to a malicious site.

iDefense recommends that users who run RealPlayer applications apply the available patches as soon as possible.

(ChannelWeb)