RealPlayer Zero-Day Flaw Under Attack 150
openOption writes "ZDNet is reporting that hackers are actively exploiting a zero-day hole in RealNetworks' RealPlayer media player, a software program installed on tens of millions of Windows computers worldwide. The in-the-wild attacks targets a previously unknown and unpatched ActiveX vulnerability in the way RealPlayer interacts with Microsoft's Internet Explorer browser. The flaw is causing drive-by malware downloads when an IE user simply browsers to a maliciously rigged Web page."
Not in Vista (Score:4, Informative)
Real Alternative (Score:4, Informative)
Now I just have to worry about unpatched holes in Windows Media Player!
Truthfully, I already have one bloated Media Player that is part of the OS on my machine, why would I want to install another?
BTW:
http://www.free-codecs.com/download/QuickTime_Alternative.htm [free-codecs.com]
To take care of that OTHER bloated media player
Re:Installed by millions... (Score:4, Informative)
real player still part of google pack (beta)? (Score:2, Informative)
Re:Real Alternative (Score:5, Informative)
Now I just have to worry about unpatched holes in Windows Media Player!
Actually "Real Alternative" and "QuickTime Alternative" uses ripped off binary libraries straight off the official apps. It's quite likely you're vulnerable as well.
Re:Hackers are the least of their troubles... (Score:4, Informative)
Ring 0 only adds stealth to attacks that work just fine from ring 3.
MIT open courseware & Realplayer (Score:2, Informative)
Re:Hackers are the least of their troubles... (Score:1, Informative)
The VAST majority of code run on your computer runs in ring3, including your browser. Bottom line is that ring0 does not mean "administrator." It means code with system (read kernel) level privilege. This is where drivers and system calls run, not applications.