Russian Firm Demos RealPlayer Zero-Day Exploit
If you use RealNetworks' RealPlayer software, you might want to pay close attention to this demo from the folks at Gleg Ltd., a Russian vulnerability research and exploit creation outfit. According to Gleg founder Evgeny Legerov, there is a zero-day vulnerability that allows code execution in RealPlayer 11, the most up-to-date version of the cross-platform media player.
Gleg released the exploit on Dec. 16 as part of its VulnDisco exploit package, which is sold to corporate penetration testing firms. Gleg partners with Dave Aitel's Immunity to distribute vulnerability research and exploits. According to this New York Times report by Brad Stone, Gleg sells exploits to about a dozen corporate customers around the world, with fees starting at $10,000 for periodic updates. The US-CERT (United States Computer Emergency Response Team) has issued a flash warning for the latest RealPlayer security hiccup, which is clearly related to the Gleg exploit demo.
We are aware of this new warning that has been issued by US-CERT and our folks are investigating. Will keep you posted as we know more. Last October, the company was forced to rush out two security updates to fix vulnerabilities that were being used in in-the-wild zero-day attacks.



Comments (5)
Why do we use government money from "United States Computer Emergency Response Team" to monitor private software?
Delete Real Network software from your computer, issue resolved.
Posted by Ted Bundy | February 2, 2008 2:54 PM
Why do we use government money from "US Justice Department" to save low-quality companies like Real Networks from "monopolies" like Microsoft, when all they do is introduce security vulnerabilities to your PC?
Delete Real Networks from the corporate landscape and save money for the government and Microsoft's shareholders!
Issue resolved ...
(;
Posted by PMC | February 10, 2008 3:39 PM
And why should Gleg or any other security company give it away? Why should a sucky company like Real have someone doing their research for free?
This is capitalism at work. Stop whining. This is what the west exported to commie countries like the USSR. Can't stomach a dose of your own medicine, eh, Real?
Posted by Matt L | February 10, 2008 11:59 PM
You can test the exploit in my URL
Posted by Ted Bundy is right | February 11, 2008 12:06 AM
To Matt L. -- because it's the right thing to do?
Or do you agree with the premise that if you are in the middle of the desert with no gas and no water, I should ask you for your wallet before I even consider helping you out? It's only "capitalism at work" after all.
Yeah, I didn't think so.
Posted by Matt K | February 13, 2008 5:09 PM