Slashdot Mirror

← Back to Stories (view on slashdot.org)

RealPlayer Zero-Day Flaw Under Attack

Posted by Zonk on from the my-kingdom-for-a-patch dept.

openOption writes "ZDNet is reporting that hackers are actively exploiting a zero-day hole in RealNetworks' RealPlayer media player, a software program installed on tens of millions of Windows computers worldwide. The in-the-wild attacks targets a previously unknown and unpatched ActiveX vulnerability in the way RealPlayer interacts with Microsoft's Internet Explorer browser. The flaw is causing drive-by malware downloads when an IE user simply browsers to a maliciously rigged Web page."

11 of 150 comments (clear)

  1. Installed by millions... by Anonymous Coward · · Score: 5, Funny

    Used by no one... until now.

  2. SOFTWARE PROGRAM!!!11111```oneone by Anonymous Coward · · Score: 5, Funny


    a software program

    I like software programs. They run well on my computer PC and look nice on my display monitor. My computer PC works well, all the way from the electric power cable to the Ethernet network card, the hard disk hard drive, and my wireless keyboard keyboard and mouse mouse.

    (What are synonyms for keyboard and mouse?)

  3. Not in Vista by El+Lobo · · Score: 4, Informative

    The vulnerability doesn't affect IE in protected (sandboxed, default) mode on Vista, of course.

    --
    It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
  4. Experts Quickly Noted However.... by rel4x · · Score: 5, Funny

    ...that the viruses using this attack were still easier to uninstall than RealPlayer itself.

    --

    Before you mod me funny, think, perhaps I was insightfully funny?
    1. Re:Experts Quickly Noted However.... by Fx.Dr · · Score: 5, Funny

      Upon attempting to exploit the flaw, the virus was promptly greeted with ...BUFFERING... ...BUFFERING...

  5. Video press release by operagost · · Score: 4, Funny

    Real has posted a video press release on this. I would like to tell you more, but it's still buffering. Maybe they should use Media Player for their press releases.

    --

    Gamingmuseum.com: Give your 3D accelerator a rest.
  6. WARNING MS SHILL by Anonymous Coward · · Score: 5, Funny

    Nobody uses Vista because Vista's not compatible with Windows.

  7. Re:Hackers are the least of their troubles... by Dishevel · · Score: 4, Funny

    I love Real Player. Its icon is pretty and when I click on some things on the internet it works sometimes for me. If it dose not work I just figure that the people putting that bad stuff on the internet must not know what a wonderful company Microsoft is for people like me. Now if you will excuse me I need to click on something real fast so AOL doe not disconnect me again. All I need is MS programs that I can use while online with AOL with my wonderful CABLE COMPANY connection to the internet.

    --
    Why is it so hard to only have politicians for a few years, then have them go away?
  8. I suppose, it's a buffering ... by Anonymous Coward · · Score: 5, Funny

    overflow exploit, right?

  9. Oh, relax.... by Foerstner · · Score: 4, Funny

    You seem to be inexplicably tense. Perhaps you should relax for a while and watch a television program.

    Or go to the theater, and watch a play. If you have any trouble understanding it, you might find more in the program they give you. Hold on to it, they're collectible.

    Whatever you do, though, don't rely on alcohol to relieve your anxiety. If you become dependant on it, you may need a twelve-step program to get yourself back on track.

    --
    The US free market: two halves of a government-granted duopoly are free to set the market price.
  10. Re:Real Alternative by suv4x4 · · Score: 5, Informative

    http://www.free-codecs.com/download/Real_Alternative.htm [free-codecs.com]
    Now I just have to worry about unpatched holes in Windows Media Player!

    Actually "Real Alternative" and "QuickTime Alternative" uses ripped off binary libraries straight off the official apps. It's quite likely you're vulnerable as well.