In-the-wild attacks target RealPlayer zero-day flaw

By

Attacks are actively exploiting a zero-day ActiveX vulnerability in RealPlayer, researchers warned today.


Javier Santoyo, senior manager of emerging technologies at Symantec Security Response, said the attacks appear limited in scope, but users nonetheless should take precautions.

"It hits RealPlayer, and RealPlayer is popular," he told SCMagazineUS.com today. "And also it's unpatched."

When a user installs RealPlayer, the program installs a browser-helper object and an ActiveX control, which provide additional functionality when using the application in Internet Explorer. But the ActiveX control is flawed and permits attackers to pass long parameters and cause stack-based overflows, Santoyo said.

That results in the ability to execute arbitrary code and infect a victim's machine with a trojan downloader, he said.

Users can become infected when they are lured to malicious rogue websites, likely those that contain third-party advertisements containing malicious JavaScript, Santoyo said.

RealNetworks spokesman Bill Hankes told SCMagazineUS.com today that engineers are working on a patch "as we speak" and the company planned to provide a fix timeline today.

The vulnerability affects the most recent RealPlayer versions, 10.5 and 11, he said. The company has received no reports of compromised end-user PCs.

"We take any security vulnerability very seriously," Hankes said.

Santoyo said that in lieu of a patch, businesses can use any of several options to alleviate the threat. They can block the IP addresses used to perpetrate the attack, disable the browser prompt that permits active scripting to execute and set the kill-bit for the affected ActiveX control.

See original article on SC Magazine US
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?