Two widely used enterprise-grade applications, McAfee Internet Security Suite 2005 and RealPlayer Enterprise, have been hit by security flaws. Corporate McAfee installations have a bug that could allow malicious users to bypass security restrictions or disable the McAfee software, while the RealPlayer flaw could enable a remote attacker to take over a system.
While McAfee's Security Suite is available for both business and home use, the flaw affects security restrictions, which are mainly used on business desktops to limit users' authority to install programs or carry out other privileged operations. Affected versions of McAfee could allow any user to execute malicious programs with the privileges of a system administrator, says iDefense, which disclosed the flaw this week.
The problem is with the file Access Control List (ACL) settings applied by default during installation. The settings allow non-administrator users to modify the installed files, iDefense says. "Because of the fact that some of the programs run as system services, a non-administrator user can simply replace an installed McAfee Internet Security Suite 2005 file with their own malicious code that will later be executed with system privileges," the company says in an advisory.
A user could also easily disable McAfee by moving the program's executable files so that they cannot start after a reboot, iDefense says. Earlier versions of McAfee may also be affected. McAfee is distributing a patch automatically to registered users, so many systems may already be patched. Users can manually check for updates to see if they still need the patch.
The flaw in RealPlayer Enterprise is more serious, potentially exposing users to remote attacks. An attacker could create a RAM file — the standard RealPlayer format — that could execute malicious code on a user's system by exploiting a boundary error in the pnen3260.dll file and causing a buffer overflow. RealPlayer Enterprise is a configurable player without advertising or consumer features, and is part of Real's Enterprise Solution.
Affected are versions 1.1, 1.2, 1.5, 1.6 and 1.7 of RealPlayer Enterprise, both the stand-alone players and those configured by RealPlayer Enterprise Manager, RealNetworks says in an advisory. An updated version of the driver, fixing the problem, is available from Real's website.