BleepingComputer.com: Attacks Exploiting Realplayer Zero-day In Progress

Attackers are exploiting a zero-day vulnerability in RealPlayer in order to infect Windows machines running Internet Explorer, Symantec Corp. said late Thursday. The security company issued an alert that rated the threat with its highest possible score.

According to a warning issued to customers of its DeepSight threat network, Symantec said an ActiveX control installed by RealNetworks Inc.'s RealPlayer program is flawed. When combined with Microsoft Corp.'s Internet Explorer (IE) browser -- which relies on ActiveX controls to extend its functionality -- the bug can be exploited and malicious code downloaded to any PC that wanders to a specially crafted site...

The Symantec Security Response team has uncovered new attack code that affects the RealPlayer 11.0 beta and RealPlayer 10.5 software on the Windows platform...Symantec had tested the attack and confirmed that it worked on the English version of Windows XP Service Pack 1 running Internet Explorer 6.0. Tests for the more-recent XP service pack 2 and IE 7.0 browser were ongoing.

For the attack to work, the criminal would have to trick the victim into playing a maliciously encoded web page. The flaw lies in a browser helper object, software that RealPlayer uses to help users who are experiencing technical difficulties. Once the exploit is run on the victim's machine, the attacker can download and install whatever software he wants...