RealPlayer Zero-Day Flaw Under Attack
Posted by Zonk on Fri Oct 19, 2007 04:22 PM
from the my-kingdom-for-a-patch dept.
openOption writes "ZDNet is reporting that hackers are actively exploiting a zero-day hole in RealNetworks' RealPlayer media player, a software program installed on tens of millions of Windows computers worldwide. The in-the-wild attacks target a previously unknown and unpatched ActiveX vulnerability in the way RealPlayer interacts with Microsoft's Internet Explorer browser. The flaw is causing drive-by malware downloads when an IE user simply browsers to a maliciously rigged Web page."
Installed by millions... (Score:5, Funny)
I suppose, it's a buffering ... (Score:5, Funny)
Re:Installed by millions... (Score:4, Informative)
(http://www.aleo.no/)
Good thing I don't use Real (Score:2, Funny)
Puckered anus
GO LINUX!
SOFTWARE PROGRAM!!!11111```oneone (Score:5, Funny)
a software program
I like software programs. They run well on my computer PC and look nice on my display monitor. My computer PC works well, all the way from the electric power cable to the Ethernet network card, the hard disk hard drive, and my wireless keyboard keyboard and mouse mouse.
(What are synonyms for keyboard and mouse?)
Oh, relax.... (Score:5, Funny)
Or go to the theater, and watch a play. If you have any trouble understanding it, you might find more in the program they give you. Hold on to it, they're collectible.
Whatever you do, though, don't rely on alcohol to relieve your anxiety. If you become dependent on it, you may need a twelve-step program to get yourself back on track.
Whew! (Score:4, Interesting)
(Last Journal: Friday August 31, @07:08PM)
Hackers are the least of their troubles... (Score:2, Funny)
(http://www.ecuadors.net/)
Wow, I just had a scary thought I managed to block just in time before passing out: Real Player. On Vista.
Re:Hackers are the least of their troubles... (Score:4, Interesting)
Re:Hackers are the least of their troubles... (Score:4, Informative)
(http://0xegypt.blogspot.com/ | Last Journal: Saturday October 13, @02:07AM)
Ring 0 only adds stealth to attacks that work just fine from ring 3.
Re:Hackers are the least of their troubles... (Score:4, Funny)
Not in Vista (Score:4, Informative)
WARNING MS SHILL (Score:5, Funny)
Experts Quickly Noted However.... (Score:5, Funny)
Re:Experts Quickly Noted However.... (Score:5, Funny)
Huh. (Score:1)
(http://platea.us/)
Video press release (Score:5, Funny)
(http://operagost.com/ | Last Journal: Monday May 01 2006, @12:08PM)
I wouldn't worry... (Score:2, Funny)
Real Alternative (Score:4, Informative)
Now I just have to worry about unpatched holes in Windows Media Player!
Truthfully, I already have one bloated Media Player that is part of the OS on my machine, why would I want to install another?
BTW:
http://www.free-codecs.com/download/QuickTime_Alternative.htm [free-codecs.com]
To take care of that OTHER bloated media player
Re:Real Alternative (Score:5, Informative)
Now I just have to worry about unpatched holes in Windows Media Player!
Actually "Real Alternative" and "QuickTime Alternative" use ripped off binary libraries straight off the official apps. It's quite likely you're vulnerable as well.
Get with it (Score:2, Funny)
(http://www.linicks.net/)
No need to worry! - Screen shot of virus. (Score:1, Funny)
Worried? Nah (Score:2, Funny)
(Last Journal: Tuesday October 02, @01:09PM)
browser, -noun, a person or thing that browses (Score:2, Funny)
I like the use of the word browser as a verb.
Also, drive-by malware downloads? This hood is no longer safe, yo!
"Browsers to a maliciously rigged Web page" (Score:2)
(http://www.deadgobot.com/ | Last Journal: Wednesday September 05, @10:26AM)
Please, no more stupid verbs-nee-nouns.
"Blog" should have been smothered in the crib, let's not loose another monster.
real player still part of google pack (beta)? (Score:2, Informative)
Soon to be on Slashdot: (Score:1)
(http://www.slaxer.com/)
Real Player still exists?? (Score:1)
Is Real Player still around???
it's 2007... (Score:1)
(http://www.geocities.com/labwerx)
Wow.
After that wretched "G2 Phone Home" crap and the whole "tell me who you are so I can spam the hell out of you unless you use a fake email address like 'realsucks@pissoff.com'" crap, I'm really surprised ANYONE uses the stuff. I haven't come across a single site in the last few years that uses Real to stream, and all of my musician buddies stopped encoding in Real format back in 2001 or so.
File this exploit under "does anyone really care?". It's like finding a zero-day exploit for Windows 3.11 or MS Bob.
The Sole User of Real Here (Score:1)
(http://www.nealgrosskopf.com/)
Drive-by? (Score:1)
What is ActiveX? (Score:1)
(http://www.users.qwest.net/~waffleck-asch/ | Last Journal: Wednesday November 07, @04:46PM)
MIT open courseware & Realplayer (Score:2, Informative)
Only Zero day flaws? (Score:1)
ActiveX in IE (Score:1)
Only affecting badly managed systems (Score:2)
Of course this flaw only affects badly managed systems where the user is browsing the Internet while logged on as an Administrator.
Microsoft is trying to discourage this but the users are too stupid to realize what they are doing wrong, and keep adding themselves to the Administrators group and keep trying to get rid of "annoying" popups that tell them they need to supply their password before the system will install software.
Just like a plague. (Score:1)
(Last Journal: Saturday January 20 2007, @03:47PM)
The last time I was forced to install the RealPlayer just to watch a piece on a website I was subjugated into a series of humiliating requests: screen after screen the installation process was going to possess all my media, substitute all the other legit players and link all the way possible into some shitty music download service.
As soon as I recorded the piece in another DRM free format I uninstalled that stinky crap and ran several scans for spyware because ultimately RealPlayer is more a possess-my-pc-experience than a player.
Conclusion: Those people running Realplayer showed they like to be abused by the same act of agreeing to the installation process. They thus deserve to be exploited by hackers. Anyway I guess those same people have been already running bonzi buddy all this time.
Virus through RealPlayer... (Score:2)
Re:This just in: ActiveX STILL a bad idea... (Score:2)
Re:This just in: ActiveX STILL a bad idea... (Score:1)
Re:This just in: ActiveX STILL a bad idea... (Score:2, Interesting)
This is why the Vista approach is the correct approach: sandbox the browser. The process should be locked down so tight that when a vulnerability is inevitably discovered, the damage it can cause is mitigated. Every OS and every browser needs to incorporate these mechanisms by default.
1997 called. They want their security alerts back (Score:1)
Re:Great. More Patches. (Score:2)
When using a Windows system as a normal user, those exploits do not stand a chance. That would be similar to using Linux as a normal user, not root.
Of course far too many wannabe-windows-admins have yelled "cannot do that, need to be admin to run many programs" because they found that in 2000 and never checked again.
Re:I'm done with Real- Share the Wealth Dude! (Score:1)
(http://www.rentwars.com/)