Slashdot Mirror

← Back to Stories (view on slashdot.org)

RealPlayer Zero-Day Flaw Under Attack

Posted by Zonk on from the my-kingdom-for-a-patch dept.

openOption writes "ZDNet is reporting that hackers are actively exploiting a zero-day hole in RealNetworks' RealPlayer media player, a software program installed on tens of millions of Windows computers worldwide. The in-the-wild attacks targets a previously unknown and unpatched ActiveX vulnerability in the way RealPlayer interacts with Microsoft's Internet Explorer browser. The flaw is causing drive-by malware downloads when an IE user simply browsers to a maliciously rigged Web page."

2 of 150 comments (clear)

  1. Not in Vista by El+Lobo · · Score: 4, Informative

    The vulnerability doesn't affect IE in protected (sandboxed, default) mode on Vista, of course.

    --
    It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
  2. Re:Real Alternative by suv4x4 · · Score: 5, Informative

    http://www.free-codecs.com/download/Real_Alternative.htm [free-codecs.com]
    Now I just have to worry about unpatched holes in Windows Media Player!

    Actually "Real Alternative" and "QuickTime Alternative" uses ripped off binary libraries straight off the official apps. It's quite likely you're vulnerable as well.