Stories
Slash Boxes
Comments

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

RealPlayer Zero-Day Flaw Under Attack

Posted by Zonk on Fri Oct 19, 2007 05:22 PM
from the my-kingdom-for-a-patch dept.
openOption writes "ZDNet is reporting that hackers are actively exploiting a zero-day hole in RealNetworks' RealPlayer media player, a software program installed on tens of millions of Windows computers worldwide. The in-the-wild attacks targets a previously unknown and unpatched ActiveX vulnerability in the way RealPlayer interacts with Microsoft's Internet Explorer browser. The flaw is causing drive-by malware downloads when an IE user simply browsers to a maliciously rigged Web page."
+ -
story

Related Stories

This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More
Loading... please wait.
  • by Anonymous Coward on Friday October 19 2007, @05:23PM (#21048545)
    Used by no one... until now.
  • by Anonymous Coward
    Greased up Yoda doll
    Puckered anus
    GO LINUX!
  • by Anonymous Coward on Friday October 19 2007, @05:23PM (#21048551)

    a software program

    I like software programs. They run well on my computer PC and look nice on my display monitor. My computer PC works well, all the way from the electric power cable to the Ethernet network card, the hard disk hard drive, and my wireless keyboard keyboard and mouse mouse.

    (What are synonyms for keyboard and mouse?)

    • by Foerstner (931398) on Friday October 19 2007, @06:45PM (#21049813)
      You seem to be inexplicably tense. Perhaps you should relax for a while and watch a television program.

      Or go to the theater, and watch a play. If you have any trouble understanding it, you might find more in the program they give you. Hold on to it, they're collectible.

      Whatever you do, though, don't rely on alcohol to relieve your anxiety. If you become dependant on it, you may need a twelve-step program to get yourself back on track.
  • Whew! (Score:4, Interesting)

    by dedazo (737510) on Friday October 19 2007, @05:24PM (#21048557) Journal
    God, I'm so glad I bought a computer with Windows XPN, which thanks to the wisdom of the European Union and RealNetworks' claims of unfair competition against their cuasi-malware player, does not include Windows Media Player! Yes, instead the OEM installed... oh, wait. They installed RealPlayer. Holy sh #$!@&*^} NO CARRIER
  • I don't want to be a troll, but people who install Real Player are asking for trouble.
    Wow, I just had a scary thought I managed to block just in time before passing out: Real Player. On Vista.
    • by Dishevel (1105119) on Friday October 19 2007, @05:48PM (#21048963)
      I love Real Player. Its icon is pretty and when I click on some things on the internet it works sometimes for me. If it dose not work I just figure that the people putting that bad stuff on the internet must not know what a wonderful company Microsoft is for people like me. Now if you will excuse me I need to click on something real fast so AOL doe not disconnect me again. All I need is MS programs that I can use while online with AOL with my wonderful CABLE COMPANY connection to the internet.
      • For some reason, it can still be popular on various news sites and so on, so yes, people hence use it. I guess Real simply give them some irresistible deals, because surely they aren't stupid enough to willingly use that format? I can admit that the most modern Real formats are pretty good, but the standalone player and all that isn't.
  • Not in Vista (Score:4, Informative)

    by El Lobo (994537) on Friday October 19 2007, @05:26PM (#21048601)
    The vulnerability doesn't affect IE in protected (sandboxed, default) mode on Vista, of course.
  • by rel4x (783238) on Friday October 19 2007, @05:28PM (#21048641)
    ...that the viruses using this attack were still easier to uninstall than RealPlayer itself.
  • by operagost (62405) on Friday October 19 2007, @05:39PM (#21048839) Homepage Journal
    Real has posted a video press release on this. I would like to tell you more, but it's still buffering. Maybe they should use Media Player for their press releases.
  • Real Alternative (Score:4, Informative)

    by gravis777 (123605) on Friday October 19 2007, @05:40PM (#21048849)
    http://www.free-codecs.com/download/Real_Alternative.htm [free-codecs.com]

    Now I just have to worry about unpatched holes in Windows Media Player!

    Truthfully, I already have one bloated Media Player that is part of the OS on my machine, why would I want to install another?

    BTW:
    http://www.free-codecs.com/download/QuickTime_Alternative.htm [free-codecs.com]
    To take care of that OTHER bloated media player
    • Re:Real Alternative (Score:5, Informative)

      by suv4x4 (956391) on Friday October 19 2007, @06:53PM (#21049939)
      http://www.free-codecs.com/download/Real_Alternative.htm [free-codecs.com]
      Now I just have to worry about unpatched holes in Windows Media Player!


      Actually "Real Alternative" and "QuickTime Alternative" uses ripped off binary libraries straight off the official apps. It's quite likely you're vulnerable as well.
    • And what about Netscape plugins? This is not "download ActiveX controls on demand" which was chastised and basically isn't around anymore. This is the fact that some apps on your machine say "hey, I know how to handle some data on the net, just load this dynamic library of mine and hand it the data, and I'll render it neatly in the browser".