October 22, 2014

New Versions of Popular Media Players QuickTime and RealPlayer Fix Multiple Security Vulnerabilities

(LiveHacking.Com) – Apple has released a new version of QuickTime to address multiple vulnerabilities that, if exploited, could allow an attacker to execute arbitrary code or cause a denial-of-service condition. In an unrelated update, RealNetworks has released a new version of RealPlayer. These releases underline that multimedia files (video, audio and images) are a valid attack vector for hackers.

QuickTime 7.7.2 for Windows fixes a number of serious security problems, most of which are triggered either by viewing a maliciously crafted website or by viewing a maliciously crafted multimedia file (MP4 file, MPEG file, PNG file, QTVR movie file or JPEG2000 encoded movie file) and could lead to an unexpected application termination or arbitrary code execution.

The vulnerabilities were caused by the following issues:

  • Multiple stack overflows existed in QuickTime’s handling of TeXML files.
  • A heap overflow existed in QuickTime’s handling of text tracks.
  • A heap buffer overflow existed in the handling of H.264 encoded movie files.
  • An uninitialized memory access issue existed in the handling of MP4 encoded files.
  • An off-by-one buffer overflow existed in the handling of rdrf atoms in QuickTime movie files.
  • A buffer overflow existed in the handling of audio sample tables.
  • An integer overflow existed in the handling of MPEG files.
  • A stack buffer overflow existed in the QuickTime plugin’s handling of QTMovie objects.
  • A buffer overflow existed in the handling of PNG files.
  • A signedness issue existed in the handling of QTVR movie files.
  • A use-after-free issue existed in the handling of JPEG2000 encoded movie files.
  • A buffer overflow existed in the handling of RLE encoded movie files.
  • A buffer overflow existed in QuickTime’s handling of Sorenson encoded movie files.
  • An integer overflow existed in QuickTime’s handling of sean atoms.
  • A memory corruption issue existed in the handling of .pict files.
  • An integer underflow existed in QuickTime’s handling of audio streams in MPEG files.

Additionally, opening a file in a maliciously crafted path may lead to an unexpected application termination or arbitrary code execution due to a stack buffer overflow in QuickTime’s handling of file paths.

Some of these issues have been previously fixed on OS X in either OS X Lion v10.7.4 or Security Update 2012-001 for OS X 10.6 Snow Leopard.

RealPlayer

RealNetworks has released a new version of its RealPlayer media player application for Windows to address multiple security vulnerabilities, including an MP4 file handling memory corruption, a RealMedia ASMRuleBook parsing error that can allow remote code execution, and a RealJukebox Media parser buffer overrun. RealNetworks says that it has no reports of any machines actually being compromised as a result of the now-remedied vulnerabilities.

 

RealPlayer Updated to Address Security Vulnerabilities

(LiveHacking.Com) – RealNetworks has released new versions of RealPlayer to fix security-related vulnerabilities. The new version, RealPlayer 15.02.71, fixes all the known bugs, but there are no known reports of any machines actually being compromised as a result of the vulnerabilities.

Affected Windows versions are:

  • RealPlayer 11.0 – 11.1
  • RealPlayer SP 1.0 – 1.1.5
  • RealPlayer 14.0.0 – 14.0.7
  • RealPlayer 15.0.0 – 15.0.1.13

There is also one vulnerability which affects the Mac version of RealPlayer:

  • Mac RealPlayer 12.0.0.1701

All of the vulnerabilities could allow remote code execution:

  • rvrender RMFF Flags Remote Code Execution Vulnerability
  • RV20 Frame Size Array Remote Code Execution Vulnerability
  • VIDOBJ_START_CODE Remote Code Execution Vulnerability
  • RV40 Remote Code Execution Vulnerability
  • RV10 Encoded Height/Width Remote Code Execution Vulnerability
  • RealAudio coded_frame_size Remote Code Execution Vulnerability
  • Atrac Sample Decoding Remote Code Execution Vulnerability