US-CERT Warning Not to Use Latest Version RealPlayer
The US-CERT (United States Computer Emergency Readiness Team) has warned the computer users about a new problem with the latest version of RealPlayer. This warning has come in the wake of an announcement made by a Russian security company, which claimed that it has discovered a route to exploit a critical flaw in the multimedia software.
The response team, part of the US Department of Homeland Security, said that the exploit causes severe harm to the latest version of RealPlayer, Version 11. To update people, a flash demonstration is posted on the Gleg site (Gleg is security testing firm based in Moscow). However, the company has not given its attack code and any technical details.
Ryan Luckin, a RealNetworks spokesman, said in a statement that RealNetworks has contacted the Gleg.net in this regard but has not received any reply. Luckin has accused Gleg.net for not furnishing information and said that they had just written a script and decided to post it, according to news reported by SCMagazine on January 2, 2008. Ryan Luckin told SCMagazine that the US-CERT report is being investigated by the company.
2007 also witnessed high-profile vulnerabilities creating problems for media players.
In October 2007, attackers came up with limited strikes against the zero-day ActiveX vulnerability of RealPlayer. The weakness enabled attackers to cross all the limits and cause extensive damage. The vulnerability helped attackers to implement arbitrary code and contaminate victim's computer with a Trojan downloader, but it was patched in three days.
General public is not aware of the exploit code because no reports have been released yet, said Art Manion, vulnerability analysis team leader at US-CERT. He added that the US-CERT has not studied the exploit code and therefore, cannot say whether it works or not, as published by washingtonpost on January 2, 2008.
The attack against media players would rise because Internet users perceive the application non-vulnerable against malicious codes, according to experts.
Luckin said that when so many people are using media players worldwide, it is bound to become a target of bad people who want to cause extensive damage, reported SCMagazineUS.com
Manion said that the users of RealPlayer should take every precaution while using it, otherwise do not use it at all.
Related article: US Passes Baton to Asia in Spam Relay
» SPAMfighter News - 14-01-2008