RealNetworks patches video server vulnerability

The flaw permits what is known as a "denial- of-service" attack against specific RealServers. A denial-of- service attack is one that floods a server with a volume of bogus requests or that exploits a vulnerability so that it can't respond to legitimate demands for information. A Buenos Aires-based security firm called Underground Security Systems Research (USSR) posted a demonstration exploiting the flaw and a notification to the Bugtraq security mailing list. RealNetworks learned of the vulnerability and the demonstration exploit, dubbed "realdie.exe," through the Bugtraq post Thursday and finished work on its remedy last night. "As soon as we found out about it, we deployed a tiger team to analyze it, created a fix, put it through quality assurance testing, and posted it," a RealNetworks representative said. "We had a group of developers focused on it for the day. We treat all of these things very seriously." The denial-of-service attack and its cousin, the distributed denial-of-service attack, gained notoriety this year after attacks brought down major Web sites including Yahoo, eBay and Amazon.com.