Information Security Blog

RealPlayer haunted by 11 critical vulnerabilities
A quick heads-up to any computer users out with RealPlayer installed: There are at least 11 critical vulnerabilities that expose Windows, Mac and Linux users to malicious hacker attacks.

RealNetworks released an advisory to warn of the vulnerabilities, which could be exploited via rigged image and media files to launch remote code execution attacks.

The vulnerabilities also affect some versions of the Helix Player for Linux.
Here are the details from the RealNetworks alert:

1. A heap overflow error when processing a malformed ASM Rulebook, which could be exploited to execute arbitrary code.
2. A heap overflow error when processing a malformed GIF file, which could be exploited to execute arbitrary code.
3. A buffer overflow error when processing a malformed media file, which could be exploited to execute arbitrary code.
4. A buffer overflow error when processing a malformed IVR file, which could be exploited to execute arbitrary code.
5. A heap overflow error when processing a malformed IVR file, which could be exploited to execute arbitrary code.

http://blogs.zdnet.com/security/?p=5344&tag=col1;post-5344

Microsoft confirms 17-year-old Windows vulnerability

Posted by Ryan Naraine @ 8:05 am
One day after a Google security researcher released code to expose a flaw that affects every release of the Windows NT kernel — from Windows NT 3.1 (1993) up to and including Windows 7 (2009) — Microsoft dropped a security advisory to acknowledge the issue and warn of the risk of privilege escalation attacks.

Microsoft warns that a malicious hacker could exploit this vulnerability to run arbitrary code in kernel mode. For an attack to be successful, the attacker must have valid logon credentials.

The flaw does not affect Windows operating systems for x64-based and Itanium-based computers, Microsoft said.

http://blogs.zdnet.com/security/?p=5307&tag=content;col1

As far as vulnerabilities go, being able to run arbitrary code in kernal mode is about as serious as it comes.  To me, this gives another good reason to go to the 64 bit version if you haven’t already.  While it may seem surprising to some that the same bug that existed in NT still exists in Windows 7, but you have to remember that users are funny creatures that expect all the programs they bought twenty years ago to still work.  Do you really think Microsoft coders redo every module with each new release? Of course not.

Many point out that MS knew about the bug for several months and acted slowly.  I would have to agree that an advisory was in order and a patch as soon as possible.

There does come a time when MS needs to drop support entirely for legacy applications or at a minimum, make the administrator install legacy support only if needed rather than having it turned on by default.  I really don’t imagine many folks require 16 bit application support in 2010.  Maybe I am wrong?