Thread: RealPlayer vulns/updates - archive

  1. #1
    Adviser Team AplusWebMaster (Join Date: Oct 2005; Location: USA; Posts: 6,881)

    RealPlayer vulns/updates - archive

    FYI...

    - http://secunia.com/advisories/29315/
    Release Date: 2008-03-11
    Critical: Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Unpatched
    Software: RealPlayer 11.x ...
    ...The vulnerability is confirmed in RealPlayer version 11.0.1 (build 6.0.14.794) including rmoc3260.dll version 6.0.10.45. Other versions may also be affected.
    Solution: Set the kill-bit for the affected ActiveX control...

    Last edited by AplusWebMaster; 2010-01-22 at 19:34. Reason: RealPlayer vulns - update available
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    Adviser Team AplusWebMaster (Join Date: Oct 2005; Location: USA; Posts: 6,881)

    Follow-up...

    - http://isc.sans.org/diary.html?storyid=4120
    Last Updated: 2008-03-11 12:23:41 UTC - "Real player is probably installed on many of your computers, and an exploit for an unpatched vulnerability was made public on the full-disclosure mailing list.
    As a result, those using ActiveX capable browsers (read: MSIE) are vulnerable to attack, with no patch on the horizon yet.
    Workarounds:
    * Set killbits for:
    rmoc3260.dll version 6.0.10.45
    {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}
    {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}
    But this will also remove the genuine functionality of the player.
    * Use a browser that doesn't support ActiveX (there's plenty of those)..."


  3. #3
    Member (Join Date: Feb 2008; Location: Wales, UK; Posts: 49)

    I think this vulnerability may have been patched now. I check approx once a week for updates in Real Player 11 and yesterday there was a critical update which I downloaded immediately. My version of Real Player is now shown as:
    Version 11.0.2
    Build: 6.0.14.802
    Previously I had Version 11.0.1, Build: 6.0.14.794 as shown in your first post.
    I have told Secunia about this in case it might be useful to them.

  4. #4
    Adviser Team AplusWebMaster (Join Date: Oct 2005; Location: USA; Posts: 6,881)

    FYI... this looks like the one, but it still shows as "...Unpatched":

    - http://secunia.com/advisories/29315/
    Release Date: 2008-03-11
    Last Update: 2008-03-19
    Critical: Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Unpatched <<<
    Software: RealPlayer 11.x
    ...The vulnerability is confirmed in RealPlayer version 11.0.1 (build 6.0.14.794) including rmoc3260.dll version 6.0.10.45. Other versions may also be affected.
    Solution: Set the kill-bit for the affected ActiveX control...
    ------------

    Last update shown on their website:
    - http://service.real.com/realplayer/s...index.html#web
    dated: # October 25, 2007 RealPlayer Update - Security update.

    ...still, it could be they just haven't "announced" it yet with a post, 'don't know. Why they wouldn't have "confirmed" the fix there is an unknown.

  5. #5
    Member (Join Date: Feb 2008; Location: Wales, UK; Posts: 49)

    I did say it 'may' have been patched! I wouldn't know for sure, but I had checked a few days earlier and there wasn't a critical update available then. I've got an item in the 'Installed Components' section called 'SecurityUpdate 1.0.0.1', so presumably that's what I got a couple of days ago.
    I didn't really expect a response from Secunia immediately as I imagine they'd have to check it and it's the Easter weekend, so things might be slower at the moment.
    I had that update of 25.10.2007 as I had v10.5 then and the build I had needed the update. Later I updated to v11.0.1 through the program.
    As I use Firefox most of the time and only rarely use IE7, I'll pass on the kill-bit for now, it looks complicated and very difficult to undo. Firefox doesn't support ActiveX.
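
    The ISC workaround quoted in post #2 (set the kill-bit for the two rmoc3260.dll CLSIDs) and the worry in post #5 that the kill-bit "looks complicated and very difficult to undo" both come down to one registry value. The script below is an added example, not code from the thread, from ISC or from RealNetworks. It relies on the documented Internet Explorer kill-bit mechanism (Microsoft KB240797): a DWORD named "Compatibility Flags" with bit 0x400 set under `HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}` stops IE from instantiating that control. The only assumptions beyond the thread are that the script is run from an elevated PowerShell prompt and that, on 64-bit Windows, the `Wow6432Node` view also has to be written for 32-bit IE; the `$Undo` switch is the example's own addition so the change can be reversed cleanly.

```powershell
# Added example (not from the thread, ISC or RealNetworks): set, verify and undo
# the Internet Explorer kill-bit for the two rmoc3260.dll CLSIDs quoted from the
# ISC diary. Mechanism (Microsoft KB240797): under
#   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}
# a DWORD "Compatibility Flags" with bit 0x400 set stops IE loading the control.
# Assumption: run from an elevated PowerShell prompt.

$KillBit = 0x400
$Clsids  = @(
    '{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}',
    '{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}'
)
$Undo = $false   # set to $true to clear the bit again instead of setting it

# Registry paths to touch: the native view and, on 64-bit Windows (assumption:
# detected by the presence of Wow6432Node), the view used by 32-bit IE.
function Get-CompatKeyPaths {
    param([string]$Clsid)
    $paths = @("HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid")
    if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
        $paths += "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    }
    return $paths
}

# Current "Compatibility Flags" value, or 0 when the key or value is absent.
function Get-CompatFlags {
    param([string]$Path)
    $item = Get-ItemProperty -Path $Path -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return [int]$item.'Compatibility Flags'
}

# True only if the kill-bit is set in every applicable registry view.
function Test-KillBit {
    param([string]$Clsid)
    foreach ($path in Get-CompatKeyPaths $Clsid) {
        if (((Get-CompatFlags $path) -band $KillBit) -eq 0) { return $false }
    }
    return $true
}

# OR the bit in, preserving any other compatibility flags already present.
function Set-KillBit {
    param([string]$Clsid)
    foreach ($path in Get-CompatKeyPaths $Clsid) {
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        $flags = (Get-CompatFlags $path) -bor $KillBit
        New-ItemProperty -Path $path -Name 'Compatibility Flags' -Value $flags `
            -PropertyType DWord -Force | Out-Null
    }
}

# Undo: clear only bit 0x400 and leave the rest of the value as it was.
function Clear-KillBit {
    param([string]$Clsid)
    foreach ($path in Get-CompatKeyPaths $Clsid) {
        if (-not (Test-Path $path)) { continue }
        $flags = (Get-CompatFlags $path) -band (-bnot $KillBit)
        Set-ItemProperty -Path $path -Name 'Compatibility Flags' -Value $flags
    }
}

# Apply (or undo) for each CLSID and report the resulting state.
foreach ($clsid in $Clsids) {
    if ($Undo) { Clear-KillBit $clsid } else { Set-KillBit $clsid }
    "{0}  kill-bit set: {1}" -f $clsid, (Test-KillBit $clsid)
}
```

    Two things worth keeping in mind when using this: the kill-bit only stops IE (and other hosts that honour the ActiveX Compatibility flags) from loading the control, which is why the ISC note says it "will also remove the genuine functionality of the player" inside the browser; it does not change rmoc3260.dll itself, so updating to the fixed RealPlayer build is still the actual remedy. Running the script with `$Undo = $true` restores the previous flags, so the change is no harder to reverse than to make.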

  6. #6
    Member (Join Date: Feb 2008; Location: Wales, UK; Posts: 49)

    I meant to say too that it may be that Real aren't very good at keeping their site up to date even when they've issued a critical update. Also my message to Secunia might be the first they've heard of it. It does say to contact them if you have any new information which is what I did.

  7. #7
    Adviser Team AplusWebMaster (Join Date: Oct 2005; Location: USA; Posts: 6,881)

    FYI...

    - http://preview.tinyurl.com/2e4dth
    March 24, 2008 (Symantec Security Response Weblog) - "...Recently, we observed some suspicious activity on the Chinese Yahoo astrology site, hxxp: //astrology. cn.yahoo .com. Upon investigation, we determined that the site in question contained an iframe that was linking to the domain luckty.com, an astrology-based match finding company. This page contained an embedded iframe that linked to a malicious site that was exploiting the Real Player ierpplug.dll ActiveX Control Buffer Overflow Vulnerability and the MSIE ADODB.Stream Object File Installation Weakness to download malicious code onto a compromised machine. We contacted our friends at Yahoo, who subsequently removed all iframe references pointing to luckty.com..."


  8. #8
    Adviser Team AplusWebMaster (Join Date: Oct 2005; Location: USA; Posts: 6,881)

    RealPlayer update available

    FYI...

    - http://secunia.com/advisories/29315/
    Last Update: 2008-03-24
    ...The vulnerability is confirmed in RealPlayer version 11.0.1 (build 6.0.14.794) including rmoc3260.dll version 6.0.10.45. Other versions may also be affected...
    Solution: Update to version 11.0.2 (build 6.0.14.802) via e.g. "Check for Update" in the "Help->About RealPlayer" menu...


  9. #9
    Member (Join Date: Feb 2008; Location: Wales, UK; Posts: 49)

    I see Real haven't updated their updates page yet. Why doesn't Real Player 11xx appear in the applications checked by Secunia's on-line check yet? It checks other versions of Real Player.

  10. #10
    Adviser Team AplusWebMaster (Join Date: Oct 2005; Location: USA; Posts: 6,881)

    RealPlayer update to version 11.0.2

    Email to -support @ secunia.com- :

    "Per: http://secunia.com/advisories/29315/
    Last Update: 2008-03-24
    ...The vulnerability is confirmed in RealPlayer version 11.0.1 (build 6.0.14.794) including rmoc3260.dll version 6.0.10.45. Other versions may also be affected...
    Solution: Update to version 11.0.2 (build 6.0.14.802) via e.g. "Check for Update" in the "Help->About RealPlayer" menu...

    Since updating RealPlayer to version 11.0.2, it is -un-detected here:
    http://secunia.com/software_inspector/
    ...like it wasn't even installed on the PC (?), using fully patched version of Firefox; same result with fully patched version of IE7.
    Please advise..."

    'Guess we'll have to wait and see, won't we?

    BTW, 'also had the ISC ( http://isc.sans.org/contact.html ) send the folks at "Real support" a note (as a "wake-up" call), since they haven't yet updated here: http://service.real.com/realplayer/security/en/ ...
    Last edited by AplusWebMaster; 2008-03-28 at 10:25.
