RealPlayer Zero-Day Flaw Under Attack

Posted by Zonk
from the my-kingdom-for-a-patch dept.
openOption writes "ZDNet is reporting that hackers are actively exploiting a zero-day hole in RealNetworks' RealPlayer media player, a software program installed on tens of millions of Windows computers worldwide. The in-the-wild attacks target a previously unknown and unpatched ActiveX vulnerability in the way RealPlayer interacts with Microsoft's Internet Explorer browser. The flaw is causing drive-by malware downloads when an IE user simply browsers to a maliciously rigged Web page."
  • by Anonymous Coward on Friday October 19, 2007 @05:23PM (#21048545)
    Used by no one... until now.
    • by Anonymous Coward on Friday October 19, 2007 @06:31PM (#21049607)
      overflow exploit, right?
    • Re: (Score:3, Insightful)

      by Sillygates (967271)
      This wouldn't be a problem if companies like Dell(?) didn't preinstall RealPlayer on computers.

      • by Zymergy (803632) *
        That is why we have the PC Decrapifier: http://www.pcdecrapifier.com/ [pcdecrapifier.com]
        • by conlaw (983784)
          Thanks for the link. I'll probably have to set up a Windows box for my niece before she starts high school and it sure would be great not to have to go remove all the crap by hand.
        • by sh3l1 (981741) *
          Why do you have to install this? Wouldn't this be more crap on your computer?
          • by Zymergy (803632) *
            It is a batch uninstaller that saves you lots of TIME as it uninstalls the CrapWare/TrialWare factory installed on so many OEM PCs in one operation and reboot.
            And you don't need to uninstall it as it is merely a free standing executable application (and it even offers to create an XP/Vista restore point if you want/need to undo changes).

            I do correct myself in pointing out that I was in error when I ~assumed~ that the PC Decrapifier uninstalled "RealPlayer", I feel it should be on the list of detected cr
        • by Ilgaz (86384) *

          That is why we have the PC Decrapifier: http://www.pcdecrapifier.com/ [pcdecrapifier.com]
          I got a better solution. Don't buy Dell, buy from a company who respects your rights to choose your own software.

          Windows, Linux, Apple doesn't matter. There are companies like that.

          Deep level issue is, this issue is somehow related to IE and ActiveX. Good luck removing them from Windows ;)
          • Your solution sucks.
            I'd rather get the best deal, and then take 1 hour to reconfigure the software.
  • by Anonymous Coward
    Greased up Yoda doll
    Puckered anus
    GO LINUX!
  • by Anonymous Coward on Friday October 19, 2007 @05:23PM (#21048551)

    a software program

    I like software programs. They run well on my computer PC and look nice on my display monitor. My computer PC works well, all the way from the electric power cable to the Ethernet network card, the hard disk hard drive, and my wireless keyboard keyboard and mouse mouse.

    (What are synonyms for keyboard and mouse?)

  • Whew! (Score:4, Interesting)

    by dedazo (737510) on Friday October 19, 2007 @05:24PM (#21048557) Journal
    God, I'm so glad I bought a computer with Windows XPN, which thanks to the wisdom of the European Union and RealNetworks' claims of unfair competition against their quasi-malware player, does not include Windows Media Player! Yes, instead the OEM installed... oh, wait. They installed RealPlayer. Holy sh #$!@&*^} NO CARRIER
    • by athdemo (1153305)
      Just don't use the internet, you'll be fine. Wait, nevermind, RealPlayer? You'll never be fine.
  • I don't want to be a troll, but people who install Real Player are asking for trouble.
    Wow, I just had a scary thought I managed to block just in time before passing out: Real Player. On Vista.
    • by athdemo (1153305)
      I swear I haven't seen or heard from RealPlayer in like 5 years, it's still around? And people install it?
      • by Jugalator (259273)
        For some reason, it can still be popular on various news sites and so on, so yes, people hence use it. I guess Real simply give them some irresistible deals, because surely they aren't stupid enough to willingly use that format? I can admit that the most modern Real formats are pretty good, but the standalone player and all that isn't.
        • by Angostura (703910) on Friday October 19, 2007 @06:38PM (#21049717)
          I can't speak about the windows version, but the OS X implementation of the free player is actually very nice to use indeed: fast and lightweight. It's the format I choose for listening to and watching BBC streaming feeds.
          • It's also easy to uninstall. Just drag it to the trash (along with all other files that come up when you run a spotlight search for realplayer), then just hit Command, Shift, Delete. Then again, I uninstalled IE from Windows 95 machine. Anything is easy to uninstall after that.
            • by Buran (150348)
              Good luck installing the file manager. Yeah, that'll get you real far. It'd be like yanking the Finder out of my Mac (which has not and never will have a problem with this flaw...)
              • by Buran (150348)
                I mean, UNinstalling. Hello, this is 2007 and there's no edit button? And what's with this lame "to give everyone a chance to post" bullshit? It's 2007, computers can handle more than one simultaneous query.
      • Eh, it's more open (with the Helix stuff?) and more multiplatform than Microsoft's alternatives (is even Mplayer with binary codecs able to play DRM'd WMVs? And even their new Silverlight, despite allegedly for Mac and Windows, is OSX x86-only -- there's a buttload of still-useful PowerPC machines still out here).

        And with most sites I've seen that offer streaming content, those are my two choices -- Real or DRM'd MS (if I'm even lucky enough to have a choice of something non-MS!). Or Flash. Ooh, yeah, that'
        • by Ilgaz (86384) *
          If it is DRM, I would choose Real DRM because they actually make money from their servers. They do it for a living, MS does wmedia to give hell to people who dare to reject using their OS.

          Fortunately their "Lets give sites wmedia server free so they will serve our junk format" failed horribly after Flash took over the embedded video market thanks to hassle free installation and being multiplatform. Now the MS geniuses came up with "SilverLight" aka "Flash killer" (!) and naive or well paid usual suspect deci
      • by Draek (916851)
        yup. It works on Linux, it's fast, lightweight, and it's used by reputable news sites [bbc.co.uk], something that can't be said of any other video codec.
    • by Dishevel (1105119) on Friday October 19, 2007 @05:48PM (#21048963)
      I love Real Player. Its icon is pretty and when I click on some things on the internet it works sometimes for me. If it dose not work I just figure that the people putting that bad stuff on the internet must not know what a wonderful company Microsoft is for people like me. Now if you will excuse me I need to click on something real fast so AOL doe not disconnect me again. All I need is MS programs that I can use while online with AOL with my wonderful CABLE COMPANY connection to the internet.
  • Not in Vista (Score:4, Informative)

    by El Lobo (994537) on Friday October 19, 2007 @05:26PM (#21048601)
    The vulnerability doesn't affect IE in protected (sandboxed, default) mode on Vista, of course.
    • by Anonymous Coward on Friday October 19, 2007 @05:44PM (#21048905)
      Nobody uses Vista because Vista's not compatible with Windows.
    • by Anonymous Coward
      [Cancel] or [Allow] ?
    • Re: (Score:1, Interesting)

      by Anonymous Coward
      Actually it does. If you bothered to learn the underlying components(below the API) you wouldn't sound like such a dolt.

    • Would you like to permit this song to be played?

      How about this song?

      How about this one?

      (repeat 50 times)

      (user unchecks security check)
      • by SEMW (967629)
        I don't think you understand. Playing media files in realplayer would not require elevation, since playing a song doesn't need root privileges. Playing media files in internet explorer would not require elevation either, since though IE is sandboxed, playing media files wouldn't require IE to write to anything other than the 'temporary internet files' directory. But if a webpage tries to install malware, that would require writing to a directory other than temporary internet files (so needs user privileg
    • by suv4x4 (956391)
      I've no particular reason to reply here, but check the other replies.

      They're actually insulting, ranting, cussing, since you mentioned Vista isn't vulnerable. Makes me sad of Slashdot, you know?
    • In other words, Vista/IE7 are on par with every other non-Microsoft OS/browser in this particular aspect. That's good news, but don't color me too impressed.
      • You mean every other non-Microsoft OS/browser has a sandbox model to stop exploits from running over user files? Can you name a few or were you just karma whoring the groupthink?
        • Something like running firefox/konqueror with sudo -u nopriv_user under Linux? Or if you're paranoid, setting up a chroot jail or BSD jail?
  • by rel4x (783238) on Friday October 19, 2007 @05:28PM (#21048641)
    ...that the viruses using this attack were still easier to uninstall than RealPlayer itself.
    • Upon attempting to exploit the flaw, the virus was promptly greeted with ...BUFFERING... ...BUFFERING...
    • The malware that gets installed is, itself, Real Player.

      Affected computers are stuck in a feedback loop where Real Player installs itself over and over again.
      The space-time continuum is breaking down as we speak.
    • by Xtifr (1323)

      dpkg --purge realplayer
      Does the trick on my system. I also note that this is not a flaw in Realplayer! If it were, I would be vulnerable, but since it relies on ActiveX, which I don't have, I seem to have little to worry about. This is (Yet Another) ActiveX exploit. Yawn. Even the open source guys (and these days Realplayer is mostly open-source except for their one special codec) can't make a Windows-based system secure.
  • I had no idea people still use RealPlayer.
    • by SEMW (967629)
      "To Listen Live, or Listen Again to shows you have missed, on the BBC Radio Player you will need to have ... RealPlayer installed on your computer." (source: The BBC [bbc.co.uk])
  • by operagost (62405) on Friday October 19, 2007 @05:39PM (#21048839) Homepage Journal
    Real has posted a video press release on this. I would like to tell you more, but it's still buffering. Maybe they should use Media Player for their press releases.
  • It's going to take a while for the virus to stop buffering....
  • Real Alternative (Score:4, Informative)

    by gravis777 (123605) on Friday October 19, 2007 @05:40PM (#21048849)
    http://www.free-codecs.com/download/Real_Alternative.htm [free-codecs.com]

    Now I just have to worry about unpatched holes in Windows Media Player!

    Truthfully, I already have one bloated Media Player that is part of the OS on my machine, why would I want to install another?

    BTW:
    http://www.free-codecs.com/download/QuickTime_Alternative.htm [free-codecs.com]
    To take care of that OTHER bloated media player
  • Get with it (Score:2, Funny)

    by Skiron (735617)
    New marketing name -> RealTrojans (or viruses/worms, whatever). Sales are UP!
  • by Anonymous Coward
    You have been infected by a RealPlayer virus! Muahahah! In 5 seconds, your hard drive will be form ...buffering... ...buffering... ...buffering...
  • by jdjbuffalo (318589)
    All 5 people who still have Real Player installed are in for a world of hurt...
  • The flaw is causing drive-by malware downloads when an IE user simply browsers to a maliciously rigged Web page.

    I like the use of the word browser as a verb.
    Also, drive-by malware downloads? This hood is no longer safe, yo!
    • by raehl (609729)
      Besides, isn't a drive-by more of an upload?
      • by rts008 (812749)
        Depends on which end you are on- the giving end (upload), or the receiving end (you end up as Son of Goatse).
        You seem to be coming from the 'giving end' perspective...nothing wrong with that- better to give than receive as they say!

        On a serious note, WTF?!?!?
        Why is anyone still using ActiveX for anything? Its propensity for Bad Shit (TM) has been legendary for too long for this crap to keep happening. Anyone still using ActiveX needs beaten unconscious with a clue stick...last century!

        As others have previo
  • Please, no more stupid verbs-nee-nouns.

    "Blog" should have been smothered in the crib, let's not loose another monster.

  • Last time I saw real player was when I installed google pack on a windows machine years ago. I love picasa and google earth, and at the time a few of the other packages seemed like nice things to get all in 1 install. Real player was the deal killer- I never could figure out what good it was. It seems like it spent more of my time and CPU cycles trying to sell me on an upgrade than doing anything useful. What was/is google thinking on that one?
    • by Bryansix (761547)
      Ug, Picasa sucks. I still can't figure out what it really DOES. When I installed it I couldn't get it to do a single thing.
    • Real player is not the pos it once was and the spyware is all gone and it is ok today. To me the included Norton virus scan causes much more issues with speed than the real player.

  • Next up: Spam with attached Realmedia files that redirect to "stock sharing sites."
  • I remember 'registering' Real Player back in the 90's so they sent me a CD-ROM with the 'paid for' version that had a 'record' button (for those really, really rare instances where a server allowed you to record the stream.)

    Is Real Player still around???
  • ... and people still use Real anything...

    Wow.

    After that wretched "G2 Phone Home" crap and the whole "tell me who you are so I can spam the hell out of you unless you use a fake email address like 'realsucks@pissoff.com'" crap, I'm really surprised ANYONE uses the stuff. I haven't come across a single site in the last few years that uses Real to stream, and all of my musician buddies stopped encoding in Real format back in 2001 or so.

    File this exploit under "does anyone really care?". It's like finding a zer
    • Apparently, the BBC's Iplayer project just announced that they'll also be providing content in Real, because a stack of Linux, Mac, and other software users got extremely upset their content could only be viewed with Windows Media Player. So, it's true that Real is around and will be around for a while, namely to provide an alternative to Windows Media Player.

      Now, if they'd just give up on calling files tagged as .rpm as Real files, and save them as software packages and save me having to use the "save as"
    • by Ilgaz (86384) *
      Well I think you blame people for not keeping up with trends but you are in fact, out of date yourself.

      Things since Real G2

      1) Real changed entire management staff who was in charge for bundling things or deciding very plain GUID sending to SERVER which could be risk for privacy.
      2) Real opened the entire source of player/framework except million dollar worth codecs which nobody can beat on low bandwidth scenarios.
      3) Real patented their inventions and said "it is free to you if it is open source project" to d
  • I still use the real player. Really the only reason I do is because the 100+ downloaded south park episodes I have from southparkx.net are encoded as .rm files and are better quality (for a 36mb) than anything else. Honestly though, people rip on Real but I think itunes & quicktime (bundled together mind you at 50mb+) is a much inferior product than Real. Apple and Adobe are two of the worst bundling companies out there.
  • drive-by malware downloads? good thing I got a MAC
    • by mosschops (413617)
      Actually, it's because you have a MAC that you're vulnerable. Without one you'd not have a network connection, and you'd be perfectly safe from this attack.

      Now, having a Mac would make having a MAC much less risky than under Windows...
  • I disabled that on my WinXP a looooooonnnnnnnngggg time ago.
  • The evil Realplayer is still required for some MIT open courseware. They should convert those files ASAP.
  • The flaw is causing drive-by malware downloads when an IE user simply browsers to a maliciously rigged Web page

    Of course this flaw only affects badly managed systems where the user is browsing the Internet while logged on as an Administrator.
    Microsoft is trying to discourage this but the users are too stupid to realize what they are doing wrong, and keep adding themselves to the Administrators group and keep trying to get rid of "annoying" popups that tell them they need to supply their password before the s
  • Buggering... Buggering... Buggering...