VoyForums
[ Show ]
Support VoyForums
[ Shrink ]
VoyForums Announcement: Programming and providing support for this service has been a labor of love since 1997. We are one of the few services online who values our users' privacy, and have never sold your information. We have even fought hard to defend your privacy in legal cases; however, we've done it with almost no financial support -- paying out of pocket to continue providing the service. Due to the issues imposed on us by advertisers, we also stopped hosting most ads on the forums many years ago. We hope you appreciate our efforts.

Show your support by donating any amount. (Note: We are still technically a for-profit company, so your contribution is not tax-deductible.) PayPal Acct: Feedback:

Donate to VoyForums (PayPal):

Login ] [ Main index ] [ Post a new message ] [ Search | Check update time | Archives: [1]2345678910 ]

[ Next Thread | Previous Thread | Next Message | Previous Message ]

Date Posted: 07:07:08 08/20/02 Tue
Author: Anonymous
Subject: DO NOT CLICK ON THE REALPLAYER LINK BELOW

ITS AN ATTEMPT AT A DENIAL OF SERVICE ATTACK AND WILL TRY TO FILL UP YOUR CPU UNTIL YOUR PC CRASHES. NOTHING FATAL OR TERRIBLY HARMFUL BUT A PAIN IN THE BUTT MOSTLY.

IF YOU OPEN THE FILE AND IT BEGINS DOWNLOADING ON SOME OCCASIONS IT DOES NOT STOP AND YOU HAVE TO MANUALLY LOG OFF THE NET. Here's some info:

http://www.iss.net/security_center/static/8320.php

Real Player for Windows invalid .mp3 file denial of service

Description:

RealNetworks RealPlayer version 8.0 for Microsoft Windows is vulnerable to a denial of service attack. A remote attacker can append a .mp3 file extension to a malicious file to consume 100% of the CPU resources when RealPlayer attempts to open the malicious file, causing the system to crash.

Platforms Affected:
RealPlayer 8.0
Windows 2000: All Versions

Remedy:

No remedy available as of March 2002.

Consequences:
Denial of Service

**************
http://online.securityfocus.com/bid/4200/info/

RealPlayer is a media player for Windows, Macintosh, Linux and Solaris. It has been reported that it is possible to cause RealPlayer 8 for Windows to consume 100% of available CPU resources, leading to a potential denial of service condition.

Allegedly this condition can be caused by placing maliciously constructed data into a file named with the .mp3 extension. This file must then be referenced in a web page viewed through Internet Explorer, and the link followed by the vulnerable user. When the file is automatically opened in RealPlayer, it has been reported that the process will hang, consuming 100% of the available CPU resources. The process will have to be manually killed.

vulnerable:

Real Networks RealPlayer 8.0 Win32
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 98
- Microsoft Windows 98 SP1
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows XP
- Microsoft Windows XP Home
- Microsoft Windows XP Professional

[ Next Thread | Previous Thread | Next Message | Previous Message ]
Forum timezone: GMT-5
VF Version: 3.00b, ConfDB:
Before posting please read our privacy policy.
VoyForums(tm) is a Free Service from Voyager Info-Systems.
Copyright © 1998-2019 Voyager Info-Systems. All Rights Reserved.