
SANS Internet Storm Center

RealPlayer (et al) vulnerabilities & Joomla/Mambo Worm
There are three vulnerabilities in RealPlayer and associated products that allow remote code execution, and patches have been released to remediate the problems.  The vulnerabilities are boundary errors triggered by certain SWF or MBC files or specially crafted web pages, and they can lead to buffer overflows.  The latest version of RealPlayer is not affected and users should upgrade immediately.  The advisory can be read here with iDefense's original report being here. The matrix of vulnerable products can be seen here.  While exploiting these bugs would still require some social engineering to get people to look at a malicious file, it is still recommended users run the latest version because we all know how popular watching clips on the web is (I like the VW "unpimp my ride" commercials, personally).

A reader wrote in reporting a worm spreading through the latest Mambo/Joomla exploits and establishing an IRC connection.  When I looked, it appeared the botnet was already down, but it is trivial to modify the shellbot code and regenerate the botnet.  Joomla 1.0.8 was released Feb 26th and had 37 (wow) security fixes, so if you aren't running 1.0.8, you have been warned.  It doesn't appear that any new vulnerabilities have been discovered since the release.

John Bambenek
bambenek -at- gmail -dot- com

ISC Handler
Mar 23rd 2006
