When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Attacks exploiting RealPlayer zero-day in progress

Symantec Corporation has issued an alert that rated a threat with its highest possible score after finding attackers exploiting a zero-day vulnerability in RealPlayer that infects Windows machines running Internet Explorer. An ActiveX control installed by RealNetworks Incorporated's RealPlayer program is flawed in such a way that it can be exploited and malicious code downloaded to any PC that wanders to a specially crafted site.

Only systems on which both RealPlayer and IE have been installed are vulnerable. Multiple versions of RealPlayer install the ActiveX control, including the current 10.5 and the beta of Version 11. RealNetworks has not released a fix, but Symantec said it had informed the media player's maker of the bug. Until RealNetworks releases a patch, Symantec said the best advice it can give is to disable the vulnerable ActiveX control but this requires editing the Windows registry.

News source: ComputerWorld

Report a problem with article
Next Article

EA wants 'open gaming platform'

Previous Article

Adobe eyes move to software-as-a-service

Join the conversation!

Login or Sign Up to read and post a comment.

9 Comments - Add comment