In response to a pair of potentially dangerous security bugs, RealNetworks yesterday introduced new versions of its flagship RealPlayer software.
Twice in less than six months, the company has discovered flaws that could allow an attacker to create fake video files to infiltrate a victim’s computer. This points to a potential new security trend of using digital music files in attacks. RealPlayer rival Microsoft has also dealt recently with bugs in its Windows Media Player.
“RealNetworks Inc. has addressed recently discovered security vulnerabilities that offered the potential for an attacker to run arbitrary or malicious code on a customer’s machine,” the company said in a security alert. “RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities. RealNetworks takes all security vulnerabilities very seriously.”
The Root of the Problem
Research company iDefense is credited with reporting one of the vulnerabilities, which could allow hackers to execute malicious code through the Synchronized Multimedia Integration Language (SMIL) file format parser within various versions of RealPlayer.
The vulnerability is caused by an unbounded string copying operation. SMIL is a markup language designed to present multiple media files together. For instance, instead of using a video with an integrated soundtrack, a separate video and sound file can be used and synchronized via SMIL.
This allows users to choose different combinations to get different language soundtracks and permits text transcripts to be optionally presented.
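The bug class named above, shown as an added illustration (not RealPlayer code and not taken from the article or from iDefense): a hypothetical SMIL attribute reader that copies a value into a fixed buffer, first without a length check and then with one. The function names, the 64-byte buffer and the use of the `src` attribute are assumptions; the article does not say which field was affected.

```c
#include <stdio.h>
#include <string.h>
#define SRC_MAX 64 /* assumed size of the parser's fixed buffer */
/* Find attr="value" in one tag; returns the value start and sets *len. */
const char *find_attr(const char *tag, const char *attr, size_t *len) {
    size_t alen = strlen(attr);
    for (const char *p = strstr(tag, attr); p; p = strstr(p + 1, attr)) {
        if (p == tag || p[-1] != ' ' || p[alen] != '=' || p[alen + 1] != '"')
            continue;                     /* not an attr="..." token */
        const char *val = p + alen + 2, *end = strchr(val, '"');
        if (end) *len = (size_t)(end - val);
        return end ? val : NULL;
    }
    return NULL;
}

/* UNBOUNDED copy: the length comes from the file alone. Never called here. */
void copy_attr_unbounded(const char *tag, const char *attr, char *dst) {
    size_t len = 0;
    const char *val = find_attr(tag, attr, &len);
    if (val) memcpy(dst, val, len);       /* overruns dst when len >= its size */
    dst[len] = '\0';
}

/* Bounded copy: 0 = ok, -1 = missing or malformed, -2 = value too long. */
int copy_attr_bounded(const char *tag, const char *attr, char *dst, size_t dstsz) {
    size_t len = 0;
    const char *val = find_attr(tag, attr, &len);
    if (!val || dstsz == 0) return -1;
    if (len >= dstsz) return -2;          /* reject rather than truncate */
    memcpy(dst, val, len);
    dst[len] = '\0';
    return 0;
}

/* Constructed input: a tag whose src is n filler bytes (out holds n + 16). */
void make_tag(char *out, size_t n) {
    size_t k = strlen(strcpy(out, "<video src=\""));
    memset(out + k, 'A', n);
    strcpy(out + k + n, "\"/>");
}

int main(void) {
    char src[SRC_MAX], big[256];
    const char *ok = "<video src=\"clip.rm\" region=\"main\"/>"; /* constructed */
    make_tag(big, 200);
    printf("normal: %d\n", copy_attr_bounded(ok, "src", src, sizeof src));
    printf("oversized: %d\n", copy_attr_bounded(big, "src", src, sizeof src));
    return 0;
}
```

Rejecting an oversized value outright, instead of truncating it, also gives the player a clear point at which to refuse the file.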
User Interaction Attacks
Analysts said this is another user interaction strategy exploited by hackers. Exploitation requires an attacker to craft a malicious .smil file and convince a user to open it, according to iDefense. An attacker could also force a Web browser to refresh and automatically load the .smil file from a normal Web page under the attacker’s control.
In default installations of RealPlayer under Windows, Internet Explorer will not prompt the user for an action when encountering a .smil file. It will open it without delay, thus allowing a more effective method of exploitation.
Ken Dunham, the director of malicious code research at iDefense, gave TechNewsWorld the bottom line: “There’s a great need for end user training of basic security practices to help mitigate what should be some of the easier threats to mitigate — user interaction-based worms.”