Security IT

RealPlayer Zero-Day Flaw Under Attack

openOption writes "ZDNet is reporting that hackers are actively exploiting a zero-day hole in RealNetworks' RealPlayer media player, a software program installed on tens of millions of Windows computers worldwide. The in-the-wild attacks target a previously unknown and unpatched ActiveX vulnerability in the way RealPlayer interacts with Microsoft's Internet Explorer browser. The flaw is causing drive-by malware downloads when an IE user simply browses to a maliciously rigged Web page."
This discussion has been archived. No new comments can be posted.

  • Whew! (Score:4, Interesting)

    by dedazo ( 737510 ) on Friday October 19, 2007 @05:24PM (#21048557) Journal
    God, I'm so glad I bought a computer with Windows XPN, which thanks to the wisdom of the European Union and RealNetworks' claims of unfair competition against their quasi-malware player, does not include Windows Media Player! Yes, instead the OEM installed... oh, wait. They installed RealPlayer. Holy sh #$!@&*^} NO CARRIER
  • by Anonymous Coward on Friday October 19, 2007 @06:12PM (#21049287)
    This vulnerability has nothing to do with ActiveX. ActiveX is just one method of hosting a plugin. Any method of hosting a plugin would be exactly as vulnerable. Anytime a browser accepts data from an outside source and passes it on to a library to handle, that is a possible point of attack. There have been plenty of vulnerabilities found in non-ActiveX plugins for Internet Explorer and other browsers. There have been vulnerabilities found in the very libraries used by the browsers to display common content like images.

    This is why the Vista approach is the correct approach: sandbox the browser. The process should be locked down so tight that when a vulnerability is inevitably discovered, the damage it can cause is mitigated. Every OS and every browser needs to incorporate these mechanisms by default.
  • by Angostura ( 703910 ) on Friday October 19, 2007 @06:38PM (#21049717)
    I can't speak about the Windows version, but the OS X implementation of the free player is actually very nice to use indeed: fast and lightweight. It's the format I choose for listening to and watching BBC streaming feeds.
  • Re:Not in Vista (Score:1, Interesting)

    by Anonymous Coward on Friday October 19, 2007 @07:40PM (#21050525)
    Actually it does. If you bothered to learn the underlying components (below the API) you wouldn't sound like such a dolt.

  • Re:Oh, relax.... (Score:3, Interesting)

    by Antique Geekmeister ( 740220 ) on Friday October 19, 2007 @08:01PM (#21050767)
    No, he failed at being British. In the US, it's spelled "program".
