Slashdot Mirror

← Back to Stories (view on slashdot.org)

RealPlayer Zero-Day Flaw Under Attack

Posted by Zonk on from the my-kingdom-for-a-patch dept.

openOption writes "ZDNet is reporting that hackers are actively exploiting a zero-day hole in RealNetworks' RealPlayer media player, a software program installed on tens of millions of Windows computers worldwide. The in-the-wild attacks targets a previously unknown and unpatched ActiveX vulnerability in the way RealPlayer interacts with Microsoft's Internet Explorer browser. The flaw is causing drive-by malware downloads when an IE user simply browsers to a maliciously rigged Web page."

8 of 150 comments (clear)

  1. Not in Vista by El+Lobo · · Score: 4, Informative

    The vulnerability doesn't affect IE in protected (sandboxed, default) mode on Vista, of course.

    --
    It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
  2. Real Alternative by gravis777 · · Score: 3, Informative

    http://www.free-codecs.com/download/Real_Alternative.htm

    Now I just have to worry about unpatched holes in Windows Media Player!

    Truthfully, I already have one bloated Media Player that is part of the OS on my machine, why would I want to install another?

    BTW:
    http://www.free-codecs.com/download/QuickTime_Alternative.htm
    To take care of that OTHER bloated media player

    1. Re:Real Alternative by suv4x4 · · Score: 5, Informative

      http://www.free-codecs.com/download/Real_Alternative.htm [free-codecs.com]
      Now I just have to worry about unpatched holes in Windows Media Player!

      Actually "Real Alternative" and "QuickTime Alternative" uses ripped off binary libraries straight off the official apps. It's quite likely you're vulnerable as well.

  3. Re:Installed by millions... by VagaStorm · · Score: 3, Informative
    From Wikipedia:

    A zero-day (or zero-hour) attack is a computer threat that exposes undisclosed or unpatched computer application vulnerabilities. Zero-day attacks take advantage of computer security holes for which no solution is currently available.
    --
    www.aleo.no
  4. real player still part of google pack (beta)? by sillyphisher1 · · Score: 2, Informative

    Last time I saw real player was when I installed google pack on a windows machine years ago. I love picasa and google earth, and at the time a few of the other packages seemed like nice things to get all in 1 install. Real player was the deal killer- I never could figure out what good it was. It seems like it spent more of my time and CPU cycles trying to sell me on an upgrade than doing anything useful. What was/is google thinking on that one?

  5. Re:Hackers are the least of their troubles... by egypt_jimbob · · Score: 3, Informative

    Seems simple, just assign the browser ring 3 security. Oh wait, its Windows (and the user is Administrator with no password). A spammer can still send spam from ring 3. A botnet herder can still run a bot from ring 3. A phisher can still change proxy settings from ring 3.
    Ring 0 only adds stealth to attacks that work just fine from ring 3.
    --
    I am a leaf on the wind. Watch how I soar.
  6. MIT open courseware & Realplayer by Ethanol-fueled · · Score: 2, Informative

    The evil Realplayer is still required for some MIT open courseware. They should convert those files ASAP.

  7. Re:Hackers are the least of their troubles... by Anonymous Coward · · Score: 1, Informative

    I'm not sure you know what "ring3" really means. On windows, ALL "applications" run in ring3, even ones run by the administrator. ring3 means user mode, and is apposed to ring0 which means kernel mode.

    The VAST majority of code run on your computer runs in ring3, including your browser. Bottom line is that ring0 does not mean "administrator." It means code with system (read kernel) level privilege. This is where drivers and system calls run, not applications.