Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Attacks Exploiting Realplayer Zero-day In Progress


  • Please log in to reply
1 reply to this topic

#1 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,143 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:24 AM

Posted 19 October 2007 - 01:07 PM

Attackers are exploiting a zero-day vulnerability in RealPlayer in order to infect Windows machines running Internet Explorer, Symantec Corp. said late Thursday. The security company issued an alert that rated the threat with its highest possible score.

According to a warning issued to customers of its DeepSight threat network, Symantec said an ActiveX control installed by RealNetworks Inc.'s RealPlayer program is flawed. When combined with Microsoft Corp.'s Internet Explorer (IE) browser -- which relies on ActiveX controls to extend its functionality -- the bug can be exploited and malicious code downloaded to any PC that wanders to a specially crafted site...

computerworld.com

The Symantec Security Response team has uncovered new attack code that affects the RealPlayer 11.0 beta and RealPlayer 10.5 software on the Windows platform...Symantec had tested the attack and confirmed that it worked on the English version of Windows XP Service Pack 1 running Internet Explorer 6.0. Tests for the more-recent XP service pack 2 and IE 7.0 browser were ongoing.

For the attack to work, the criminal would have to trick the victim into playing a maliciously encoded web page. The flaw lies in a browser helper object, software that RealPlayer uses to help users who are experiencing technical difficulties. Once the exploit is run on the victim's machine, the attacker can download and install whatever software he wants...

RealPlayer users warned of dangerous exploit
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor

  • Topic Starter

  • Global Moderator
  • 51,143 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:24 AM

Posted 21 October 2007 - 05:03 PM

RealPlayer (BETA Security Patch)
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users