main

Attacks exploiting RealPlayer zero-day in progress

Slimy   on 19 October 2007 - 18:49 · 10 comments & 6257 views

Advertisement (Why?)
Symantec Corporation has issued an alert that rated a threat with its highest possible score after finding attackers exploiting a zero-day vulnerability in RealPlayer that infects Windows machines running Internet Explorer. An ActiveX control installed by RealNetworks Incorporated's RealPlayer program is flawed in such a way that it can be exploited and malicious code downloaded to any PC that wanders to a specially crafted site.

Only systems on which both RealPlayer and IE have been installed are vulnerable. Multiple versions of RealPlayer install the ActiveX control, including the current 10.5 and the beta of Version 11. RealNetworks has not released a fix, but Symantec said it had informed the media player's maker of the bug. Until RealNetworks releases a patch, Symantec said the best advice it can give is to disable the vulnerable ActiveX control but this requires editing the Windows registry.

News source: ComputerWorld

Share this Article

About the Author

Full name: Unknown
User name: Slimy
Contact: via forum PM
Submissions: View All
More: View Profile

Related news

Post a comment · Send to friend Comments · There are 10 additional comments
(3 replies) #1 signalpirate on 19 Oct 2007 - 18:53
people still use real player???
weird
#1.1 Amodin on 19 Oct 2007 - 20:09
Quote - (signalpirate said @ #1)
people still use real player???
weird


QFT - I didn't think anyone in their right minds would still be using RealPlayer, or any of their products for that matter...

And if there are... shame on you!
#1.2 InsaneNutter on 21 Oct 2007 - 08:55
Quote - (Amodin said @ #1.1)
Quote - (signalpirate said @ #1)
people still use real player???
weird


QFT - I didn't think anyone in their right minds would still be using RealPlayer, or any of their products for that matter...

And if there are... shame on you!


You forget real player comes pre installed on many pc's you buy from places like pc word or other pre built pc's
#1.3 sLm4ever on 22 Oct 2007 - 12:44
true... I'm really tired of my friends and relatives who just bought their PCs ... all of them they use RealPlayer ><; ...
#2 NateB1 on 19 Oct 2007 - 19:12
Another example of Real in action! I stopped using it when it installed fifty zillion icons on my desktop for various ads. Plus, it took forever to load.
#3 RAID 0 on 19 Oct 2007 - 20:27
Real player? Gawd! I hope this wipes out that crappy software forever. When I do computer work for friends and family, Real Player is one of the fist to go... after Norton.
#4 Galley on 19 Oct 2007 - 20:51
ActiveX and Internet Explorer; that's a disaster waiting to happen!
#5 georgi55 on 21 Oct 2007 - 17:07
I think that real player is Buffering............................................................................................................. , do you agree?
#6 SiDEBURNS on 21 Oct 2007 - 18:45
#7 Matt Spragins on 25 Oct 2007 - 18:26
RealNetworks has issued a patch for this vulnerability that users can download here - http://service.real.com/realplayer/securit...1007_player/en/

For more information about these patches and how the new RealPlayer has been improved, please visit the RealPlayer blog at www.realplayer.com/blog.

Matt Spragins
Real Networks

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Advertisement (Why?)
News powered by Neowin Management System (Build - 5.0.1020) © 2000 - 2008 Neowin.net