RealPlayer security problem
Yet another ActiveX security hole is being exploited. This time it’s in RealPlayer. Greg Keizer reports:
Attackers are exploiting a zero-day vulnerability in RealPlayer in order to infect Windows machines running Internet Explorer, Symantec Corp. said late Thursday. The security company issued an alert that rated the threat with its highest possible score.
According to Symantec:
“Attacks that exploit this issue may get delivered to a victim through various means, most typically, though, this style of attack is carried out through malicious Web content,” said Symantec. “For example, the exploit could be embedded in the HTML of advertisements that are published on trusted Web sites, or could be embedded as an IFrame in a compromised Web domain.”
At the time of this posting, no patch for the problem was available. If you use RealPlayer, consider removing the RealPlayer ActiveX add-on from Internet Explorer or even uninstalling RealPlayer entirely. Another approach is to disable ActiveX for your general browsing, as discussed in this previous post.
As far as I have read, Firefox is not affected.


RealNetworks has issued a patch for this vulnerability that users can download here – http://service.real.com/realplayer/security/191007_player/en/
For more information about these patches and how the new RealPlayer has been improved, please visit the RealPlayer blog at http://www.realplayer.com/blog.
Matt Spragins
Real Networks