RealPlayer Zero-Day Flaw Under Attack 150
openOption writes "ZDNet is reporting that hackers are actively exploiting a zero-day hole in RealNetworks' RealPlayer media player, a software program installed on tens of millions of Windows computers worldwide. The in-the-wild attacks targets a previously unknown and unpatched ActiveX vulnerability in the way RealPlayer interacts with Microsoft's Internet Explorer browser. The flaw is causing drive-by malware downloads when an IE user simply browsers to a maliciously rigged Web page."
Whew! (Score:4, Interesting)
Re:This just in: ActiveX STILL a bad idea... (Score:2, Interesting)
This is why the Vista approach is the correct approach: sandbox the browser. The process should be locked down so tight that when a vulnerability is inevitably discovered that the damage it can cause is mitigated. Every OS and every browser needs to incorporate these mechanisms by default.
Re:Hackers are the least of their troubles... (Score:4, Interesting)
Re:Not in Vista (Score:1, Interesting)
Re:Oh, relax.... (Score:3, Interesting)