  Viruswarn Forums
Subject: Buffer bug in realtime and quicktime players

Lee Drake
Posts:238

10/29/2004 7:27 AM  
What Is It?

Serious security problems have been identified, documented, and fixed in two of the three popular media player programs, RealPlayer and QuickTime.

RealPlayer

A buffer overflow has been identified and documented in several versions of the RealPlayer media players, which many people use to view streaming video and listen to music both online and off. These buffer overflows enable a malicious programmer to take complete control of your computer and do anything that you can do, including installing programs that can turn your computer into a spam zombie, steal your identity, or anything else.

According to information published by manufacturer RealNetworks and reported by Windows IT Pro magazine, PC World, and other news outlets, the following products are affected.

- RealPlayer 10.5 (6.0.12.1053 and earlier)
- RealPlayer 10
- RealOne Player versions 1 and 2

When a specially constructed .rjs file is opened in any of the above players or in a Web browser (which uses the player to open it), the author can take over your machine. According to the article in PC World, cited below, the affected files are "skin" files. These files, which let you change the appearance of the program, are very popular, and they are tempting to install and test.

You should treat all "skin" files as software, because they can, and often do, contain executable code. Some of this code is necessary to enable them to work. However, this also creates the potential for mischief. By "treat it as software", we mean the following.

- Obtain skins (and other software) only from trustworthy sources. For example, you are probably safe getting skins from the vendor of the software.
- If you receive a "skin" file attached to an email message, even if it appears to come from someone you trust, such as one of the authors of these notices, check with the alleged sender before you install it.
- Unless you are serious about using it, avoid installing "skins" and other add-on software. In addition to the security risks, add-on software complicates troubleshooting and is just something else to break.

QuickTime

This vulnerability affects both Mac and PC users. According to PC World, Apple released a patch for QuickTime versions prior to 6.5.2. The patch fixes the integer overflow error that was just reported and extends a patch to cover an issue involving malicious code hidden in a bitmap file to cover Windows systems. They released a fix for Mac versions at the end of last month.

Though details of the integer overflow bug are sketchy, the problem of malicious code in bitmap files is serious because we generally trust image files to be safe. According to Apple and Internet News, the bitmap bug is a heap overflow that affects the way bitmap files are decoded. The Apple Web notice reads as follows.

    "Flaws in decoding the BMP image type could overwrite heap memory and potentially allow the execution of arbitrary code hidden in an image. This is the same security enhancement that was made available in Security Update 2004-09-30, and can be deployed on the additional system configurations covered by this QuickTime update."

A close reading of the two notices reveals that the October release is the first to include Windows versions of the player.

What Should I Do?

Please see the heading below for the media player(s) that you use. Some of us, including the author, use two or more players, because some files require a specific player. Check your system and identify which players you have installed, then follow the steps in the appropriate section below.

RealPlayer

If you use RealPlayer, do the following.

1. Open RealPlayer from the Start Menu or your desktop shortcut.
2. Click the Tools menu.
3. Click the Check for Update option.
4. Follow the prompts to complete the installation.

Whether or not you are prompted to do so, we recommend that you restart your computer.

QuickTime

The latest version of QuickTime is 6.5.2; you can check the version of your player by choosing the "About QuickTime Player" option from the Help menu.

1. Open QuickTime from the Start Menu or your desktop shortcut.
2. Click on the Help menu.
3. Click on Update Existing Software.
4. When the list of updates displays, click the Update button and follow the prompts.

Though the update installs without shutting down QuickTime, you must do so in order to begin using the new version. As always, we recommend you restart your computer after you install new software.

Additional Safety Measures

In addition to these steps, you should do your best to avoid allowing files from untrustworthy sources onto your computer. Among other things, this means the following.

- Refrain from clicking on links embedded in unsolicited mail.
- Unless your mail program displays text only, disable the preview pane.
- Even if you think a message is from someone whom you trust, read the body closely enough to assure yourself that the message really did come from that person. For example, if you get something that appears to be from me, but it doesn't look like something I would write, it probably is from someone masquerading as me, such as a spammer's robot program.
- Keep your virus signatures up to date. Most software will do this automatically, but you must enable this feature.
- Run an active personal firewall such as ZoneAlarm, and keep it up to date.
- Install a hardware NAT router such as the Linksys BEFSR41 between your computer and your cable or DSL modem.

References

For those who are insatiably curious, below are the references that I used to compile this article.

- http://service.real.com/help/faq/security/041026_player/EN/ is the official security bulletin from RealNetworks. It gives detailed information about affected versions for Windows, Mac, Linux, and several handheld devices.
- http://docs.info.apple.com/article.html?artnum=61798 is the current official Apple Security Updates page. The integer overflow and heap overflow bugs in QuickTime are discussed further down the page under the subheading "Security Update 2004-10-27."
- http://www.windowsitpro.com/article/articleid/44359/44359.html, "Arbitrary Code Execution Vulnerability in RealPlayer," in Windows IT Pro magazine, discusses the problem with RealPlayer. Since this magazine caters to system administrators and systems programmers, the coverage is technical.
- http://www.pcworld.com/news/article/0,aid,118369,00.asp, "QuickTime, RealPlayer Patch Security Holes," in PC World magazine, discusses both RealPlayer and QuickTime.
- http://www.internetnews.com/security/article.php/3428281, "Apple Update Patches QuickTime," in Internet News, discusses the integer overflow and an unrelated heap overflow bug in the QuickTime player in some detail.

This concludes this VirusWarn notice.

David Gray
P6 Consulting
V: +1 (817) 896-1114
F: +1 (817) 294-1830
TZ: USA Central, GMT -5
E: mailto:dagray@p6c.com
W: http://www.p6c.com
6913 Wilton Drive
Fort Worth, TX 76133-6130 USA

You are more important than any technology we may employ.
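Editor's added example (not part of the post above, and not Apple's or RealNetworks' code): the notice says the QuickTime bitmap bug is a heap overflow in BMP decoding, and separately mentions an integer overflow. The code below shows how those two bug classes commonly combine in an image decoder. A BMP header carries attacker-controlled width, height and bits-per-pixel fields; a decoder that sizes its pixel buffer with a 32-bit product of those fields can be made to wrap to a small number, allocate a tiny heap block, and then copy a huge image into it. The `pixel_bytes_unchecked` function is the vulnerable pattern; `pixel_bytes_checked` and `bmp_decode_checked` are the hardened form. The header builder, the 256 MiB cap, the rejection of negative (top-down) heights and the omission of BMP row padding are all simplifications assumed for this example; nothing here claims to reproduce the actual flaw in QuickTime.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* BMP file header (14 bytes) + BITMAPINFOHEADER (40 bytes). Only the field
 * offsets a decoder needs to size its pixel buffer are used here. */
#define BMP_HDR_LEN   54
#define OFF_PIXDATA   10   /* offset of pixel data within the file */
#define OFF_WIDTH     18
#define OFF_HEIGHT    22
#define OFF_BPP       28
/* Assumed sanity cap for this example; a real decoder would pick its own. */
#define MAX_PIXEL_BYTES ((uint64_t)256 << 20)

typedef struct {
    int32_t  width;
    int32_t  height;
    uint16_t bpp;
    uint32_t data_off;
} bmp_info;

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Build a minimal, constructed BMP header (test input, not a real file). */
void bmp_make_header(uint8_t out[BMP_HDR_LEN], int32_t w, int32_t h, uint16_t bpp) {
    memset(out, 0, BMP_HDR_LEN);
    out[0] = 'B'; out[1] = 'M';
    wr32(out + OFF_PIXDATA, BMP_HDR_LEN);   /* pixels start right after the headers */
    wr32(out + 14, 40);                     /* DIB header size */
    wr32(out + OFF_WIDTH, (uint32_t)w);
    wr32(out + OFF_HEIGHT, (uint32_t)h);
    out[26] = 1;                            /* colour planes */
    out[OFF_BPP] = (uint8_t)bpp; out[OFF_BPP + 1] = (uint8_t)(bpp >> 8);
}

/* Parse the fields we need; returns 0 if the buffer is too short or not a BMP. */
int bmp_parse_info(const uint8_t *buf, size_t len, bmp_info *bi) {
    if (len < BMP_HDR_LEN || buf[0] != 'B' || buf[1] != 'M') return 0;
    bi->width    = (int32_t)rd32(buf + OFF_WIDTH);
    bi->height   = (int32_t)rd32(buf + OFF_HEIGHT);
    bi->bpp      = rd16(buf + OFF_BPP);
    bi->data_off = rd32(buf + OFF_PIXDATA);
    return 1;
}

/* VULNERABLE pattern: the buffer size is a 32-bit product of attacker-controlled
 * fields. For a large enough image the product wraps modulo 2^32, malloc() gets
 * a small number, and a row-copy loop driven by width*height then writes far
 * past the end of the heap block (a heap overflow seeded by integer overflow). */
uint32_t pixel_bytes_unchecked(const bmp_info *bi) {
    uint32_t w = (uint32_t)bi->width, h = (uint32_t)bi->height;
    return w * h * (uint32_t)(bi->bpp / 8);
}

/* HARDENED: reject nonsense dimensions and depths, do the arithmetic in 64 bits,
 * and cap the result before anything is allocated. */
int pixel_bytes_checked(const bmp_info *bi, size_t *out) {
    if (bi->width <= 0 || bi->height <= 0) return 0;           /* top-down BMPs rejected here for brevity */
    if (bi->bpp != 8 && bi->bpp != 24 && bi->bpp != 32) return 0;
    uint64_t bytes = (uint64_t)bi->width * (uint64_t)bi->height * (uint64_t)(bi->bpp / 8);
    if (bytes > MAX_PIXEL_BYTES) return 0;
    *out = (size_t)bytes;
    return 1;
}

/* Hardened decode: allocate only a checked size and refuse files whose pixel
 * data is shorter than the header promises. Caller frees *pixels on success. */
int bmp_decode_checked(const uint8_t *buf, size_t len, uint8_t **pixels, size_t *npix) {
    bmp_info bi;
    size_t need;
    if (!bmp_parse_info(buf, len, &bi) || !pixel_bytes_checked(&bi, &need)) return 0;
    if (bi.data_off < BMP_HDR_LEN || bi.data_off > len || len - bi.data_off < need) return 0;
    uint8_t *p = malloc(need);
    if (!p) return 0;
    memcpy(p, buf + bi.data_off, need);   /* bounded by 'need', which the file is known to hold */
    *pixels = p;
    *npix = need;
    return 1;
}
```

A header declaring 65537 x 65536 pixels at 32 bpp describes about 17 GB of pixel data, yet the unchecked 32-bit arithmetic yields 262144 bytes; a decoder that trusts that number allocates 256 KiB and then overruns it. The checked path refuses the same header outright, and also refuses a file that is shorter than its own header claims, which is the other common way an image decoder is driven off the end of a buffer.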