C5. Media Players
C5.1 Description
Media players are widely used, with an install base of millions of systems. Content is downloaded as multimedia files such as movies, video or music, and is embedded in Web pages and presentations or integrated into multimedia applications.
Media players can end up on systems through default installations or bundled with other software. Browsers are typically set up to "conveniently" download and open media files without requiring user interaction. Users on corporate networks also download media players to facilitate transfer of multimedia content to their mobile devices.
A number of vulnerabilities have been discovered in various media players over the last year. Many of these vulnerabilities allow a malicious webpage or a media file to completely compromise a user's system without requiring much user interaction. The user's system can be compromised simply upon visiting a malicious webpage. Hence, these vulnerabilities can be exploited to install malicious software like spyware, Trojans, adware or keyloggers on users' systems. Exploit code is publicly available in many instances.
Some of the more popular media players include:
- Windows: Windows Media Player, RealPlayer, Apple QuickTime, Winamp, iTunes
- Mac OS: RealPlayer, QuickTime, iTunes
- Linux/Unix: RealPlayer, Helix Player
C5.2 Operating Systems Affected
- Microsoft Windows
- Linux/UNIX
- Mac OS X
C5.3 CVE Entries
RealPlayer and Helix Player
CVE-2006-1370, CVE-2006-0323, CVE-2005-2922, CVE-2005-4130, CVE-2005-4126, CVE-2005-3677, CVE-2005-2936
iTunes
CVE-2006-1249, CVE-2005-4092, CVE-2005-2938
Winamp
CVE-2006-0708, CVE-2005-3188, CVE-2005-2310
QuickTime
CVE-2006-2238, CVE-2006-1456, CVE-2006-1249, CVE-2005-3713, CVE-2005-3711, CVE-2005-3710, CVE-2005-3709, CVE-2005-3708, CVE-2005-3707, CVE-2005-2340, CVE-2005-4092, CVE-2005-2743
Windows Media Player
CVE-2006-0025, CVE-2006-0006, CVE-2005-3591
Macromedia Flash Player
C5.4 How to Determine If You Are Vulnerable
If you run any of these players, and you are not running the most recent version with all applicable patches, you are vulnerable to the associated attacks. Periodic system reviews of installed software can be used to track unintended media player installations as well as rogue user installations.
C5.5 How to Protect Against Media Player Vulnerabilities
The following are some common approaches to protecting against these vulnerabilities:
- Keep the media players updated with all the latest patches. Most players support updating via the help or tools menus.
- Carefully review default installations of operating systems and other products to ensure they do not include unwanted media players. Configure operating systems and browsers to prevent unintentional installation.
- Use Intrusion Prevention/Detection Systems and Anti-virus and Malware Detection Software to block malicious media files.
- On corporate desktops, limit installation of user-downloaded software whenever possible. This allows for better patch management and vulnerability management.
- Don't install media players on systems where media is not to be played (e.g., servers).
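The periodic software review from C5.4 and the patching and server rules above can be run as a check over a software inventory. This is an added example, not part of the original advisory: the inventory row format, host names, roles and baseline versions are assumptions constructed for illustration, and a real baseline has to come from the vendors' security pages.

```python
import re

# Player names from the list in C5.1, plus Flash Player from C5.3.
MEDIA_PLAYERS = ("windows media player", "realplayer", "helix player",
                 "quicktime", "winamp", "itunes", "flash player")


def version_key(version):
    """Parse '2.0.10' into (2, 0, 10) so versions compare numerically."""
    parts = [int(n) for n in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:  # treat '3.1.0' and '3.1' as equal
        parts.pop()
    return tuple(parts)


def match_player(package_name):
    """Return the media player a package name refers to, or None."""
    name = package_name.lower()
    return next((p for p in MEDIA_PLAYERS if p in name), None)


def audit(inventory, baseline):
    """Check (host, role, package, version) rows against {player: minimum}."""
    findings = []
    for host, role, package, version in inventory:
        player = match_player(package)
        if player is None:
            continue
        if role == "server":  # C5.5: no media players where media is not played
            findings.append((host, package, "media player on a server"))
        minimum = baseline.get(player)
        if minimum is None:
            findings.append((host, package, "no patched baseline recorded"))
        elif version_key(version) < version_key(minimum):
            findings.append((host, package, f"below baseline {minimum}"))
    return findings


# Constructed sample data: hosts, versions and baseline values are made up.
SAMPLE_BASELINE = {"quicktime": "2.0.10", "winamp": "3.1"}
SAMPLE_INVENTORY = [
    ("ws-01", "desktop", "Apple QuickTime", "2.0.9"),
    ("ws-02", "desktop", "Winamp", "3.1.0"),
    ("db-01", "server", "RealPlayer", "1.0"),
    ("ws-03", "desktop", "Text Editor", "1.0"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY, SAMPLE_BASELINE):
        print(": ".join(finding))
```

Versions are compared as integer tuples because a plain string comparison would rank 2.0.9 above 2.0.10 and miss the unpatched install.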
C5.6 References
RealNetworks Media Player Products Home Page
http://www.realnetworks.com/products/media_players.html
Security Reports
http://service.real.com/help/faq/security/
http://www.sans.org/newsletters/risk/display.php?v=4&i=40#widely1
http://www.sans.org/newsletters/risk/display.php?v=4&i=39#widely2
http://www.sans.org/newsletters/risk/display.php?v=4&i=25#widely2
Helix Player Home Page
https://player.helixcommunity.org/
News, Including Security Announcements
https://helixcommunity.org/news/
Security Reports
http://www.sans.org/newsletters/risk/display.php?v=4&i=40#widely1
http://www.sans.org/newsletters/risk/display.php?v=4&i=39#widely2
http://www.sans.org/newsletters/risk/display.php?v=4&i=25#widely2
Apple QuickTime Home Page
http://www.apple.com/quicktime/
Apple iTunes Home Page
http://www.apple.com/itunes/
Apple Security Updates
http://docs.info.apple.com/article.html?artnum=61798
QuickTime Support
http://www.apple.com/support/quicktime/
Security Reports
http://www.sans.org/newsletters/risk/display.php?v=5&i=39#06.39.25
http://www.sans.org/newsletters/risk/display.php?v=5&i=37#widely1
http://www.sans.org/newsletters/risk/display.php?v=5&i=27#06.27.34
http://www.sans.org/newsletters/risk/display.php?v=5&i=26#widely4
http://www.sans.org/newsletters/risk/display.php?v=5&i=19#widely3
http://www.sans.org/newsletters/risk/display.php?v=5&i=11#06.11.28
http://www.sans.org/newsletters/risk/display.php?v=5&i=2#widely3
http://www.sans.org/newsletters/risk/display.php?v=4&i=49#05.49.24
http://www.sans.org/newsletters/risk/display.php?v=4&i=45#widely2
Nullsoft Winamp
http://www.winamp.com/
http://www.winamp.com/about/news.php
Security Reports
http://www.sans.org/newsletters/risk/display.php?v=5&i=25#widely2
http://www.sans.org/newsletters/risk/display.php?v=5&i=8#widely2
http://www.sans.org/newsletters/risk/display.php?v=5&i=7#widely4
http://www.sans.org/newsletters/risk/display.php?v=5&i=5#widely1
Microsoft Windows Media Player Home Page
http://www.microsoft.com/windows/windowsmedia/default.aspx
Windows Media Player 10 Security
http://www.microsoft.com/windows/windowsmedia/mp10/security.aspx
Microsoft Security Bulletin Search
http://www.microsoft.com/technet/security/current.aspx
Security Reports
http://www.sans.org/newsletters/risk/display.php?v=5&i=24#widely3
http://www.sans.org/newsletters/risk/display.php?v=5&i=7#widely1
http://www.sans.org/newsletters/risk/display.php?v=5&i=7#widely3
Macromedia Flash Player Homepage
http://www.macromedia.com/software/flashplayer
Security Reports
http://www.sans.org/newsletters/risk/display.php?v=5&i=42&rss=Y#06.42.23
http://www.sans.org/newsletters/risk/display.php?v=5&i=37#widely2
http://www.sans.org/newsletters/risk/display.php?v=5&i=28#widely8
http://www.sans.org/newsletters/risk/display.php?v=5&i=19#widely5
http://www.sans.org/newsletters/risk/display.php?v=5&i=11#06.11.27
http://www.sans.org/newsletters/risk/display.php?v=4&i=46#05.46.29
http://www.sans.org/newsletters/risk/display.php?v=4&i=45#widely3






