NOW READ THIS
("Security Advisory")

Go Back

Submitted by: Bill Hickey
NCVA List Master

NRT-0318 RealPlayer and Internet Explorer Zero-Day Flaw:


Symantec has warned that attackers are exploiting a zero-day vulnerability in RealPlayer to infect Windows machines running Internet Explorer, according to an online press report. The company said an ActiveX control installed by RealNetworks Inc.'s RealPlayer program is flawed. When combined with the use of the Internet Explorer (IE) browser - which relies on ActiveX controls to extend its functionality - the bug can be exploited, and malicious code downloaded to any PC that wanders to a specially-crafted site. Only systems on which both RealPlayer and IE have been installed are vulnerable.

Symantec ranked the vulnerability as a "10" - its highest level - on its urgency scale because it has confirmed that attacks are being conducted in the wild; those attacks have resulted in malicious code downloaded to victim PCs. However, the company noted, "We are not currently aware of widespread exploitation of this issue." The advisory listed just two IP addresses that Symantec has found to have been compromised via the RealPlayer bug.

Symantec refrenced a blog that had posted some information about the RealPlayer vulnerability during the morning of 17October. The blogger, identified only as Roger, claimed that the NASA space agency has warned workers not to use IE because of an unspecified problem with RealPlayer. Roger quoted from what he claimed was a NASA bulletin. "The malware appears to be spreading through a large variety of common and highly-respected internet sites," the NASA warning reportedly said. "However it does not appear these sites are themselves infected. The affected sites are serving solely as a mechanism to attract potential victims."

(www.computerworld.com 19OCT07)


Valid XHTML 1.0! Valid CSS! Counter Image
Last Modified: Sunday, 28-Oct-2007 10:20:39 EDT