There are reports of a zero-day exploit code out in the wild for client side RealPlayer and Helix Player. A format string vulnerability found in the said media players can be exploited to execute malicious codes in the affected system. A specially crafted media, which include the .RP (realpix) and the .RT (realtext) file formats, can trigger the vulnerability.
It is also quoted in the exploit code that RealPlayer was informed about the vulnerability. However, the exploit code was released to the public before RealPlayer came up with a patch for the problem. The author of the exploit apologized for the untimely release of the code as quoted below.
“Real have been duely informed about this issue and are fixing. Sadly though, it seems someone is trying to pinch my research, as such I have been forced to release this advisory sooner than hoped. Until Real get a new release out, do not play untrusted media with RealPlayer or HelixPlayer. Sorry Real.com!
Moral of the story, don’t talk about personal research on IRC. Thank you plagiarizers”
Share this article