Attacks exploiting RealPlayer

[Humpty]

Attackers are exploiting a zero-day vulnerability in RealPlayer in order to infect Windows machines running Internet Explorer, Symantec Corp. said late Thursday. The security company issued an alert that rated the threat with its highest possible score.

 

According to a warning issued to customers of its DeepSight threat network, Symantec said an ActiveX control installed by RealNetworks Inc.'s RealPlayer program is flawed. When combined with Microsoft Corp.'s Internet Explorer (IE) browser -- which relies on ActiveX controls to extend its functionality -- the bug can be exploited and malicious code downloaded to any PC that wanders to a specially crafted site.

 

Only systems on which both RealPlayer and IE have been installed are vulnerable.

 

Symantec ranked the attack as a "10" on its urgency scale because it has confirmed that attacks are being conducted in the wild; those attacks have resulted in malicious code downloaded to victimized PCs. The only bright spot: "We are not currently aware of widespread exploitation of this issue," the company's warning read. In another section of the advisory, it listed just two IP addresses that it has found hosting exploits of the RealPlayer bug.

 

Multiple versions of RealPlayer install the ActiveX control, including the current 10.5 and the beta of Version 11. RealNetworks has not released a fix, but Symantec said it had informed the media player's maker of the bug.

Computerworld

PCadvisor

[rridgely]

Anyone actually use real player anymore? I hope not... thats about as bad as having a virus.

[Andavari]

thats about as bad as having a virus.

A virus or other malware infection in most cases is much easier to get rid of, and that's no b.s.!

[DennisD]

I'm not sorry to say I binned it a few weeks ago.

[login123]

Thanks, Humpty.

 

That's the last straw. Will remove realplayer as soon as Pshadow is off...have always kept it but it is a pain and occupies almost 38 meg on the HD.

[Andavari]

That's the last straw. Will remove realplayer as soon as Pshadow is off...have always kept it but it is a pain and occupies almost 38 meg on the HD.

You'd better have a good registry cleaner to remove most of it's crap that the installer will leave behind.

[DennisD]

I think I removed mine with Revo Uninstaller, the scan afterwards finding quite a lot of stuff.

 

Bit the bullet and removed the lot, and thankfully I'm still here to tell the tale.

[CeeCee]

I use Opera, so no worries.

 

Anyone actually use real player anymore? I hope not... thats about as bad as having a virus.

I could say the same thing about IE...

 

 

Patch available here: http://service.real.com/realplayer/securit...1007_player/en/

Direct download link: http://service.real.com/realplayer/securit.../securitydb.rnx

 

RealPlayer 10.5 and RealPlayer 11 beta users should install the following patch to address this security vulnerability that aims to cause buffer overflow that could provide the potential for an attacker to run arbitrary or malicious code on a user’s PC

 

---

 

Noticed from the RealPlayer log, that this file was updated: C:\Program Files\Real\RealPlayer\plugins\MPAMedia.dll.

[login123]

You'd better have a good registry cleaner to remove most of it's crap that the installer will leave behind.

 

Yes, true. Will probably just grind thru it manually.

[Andavari]

Yes, true. Will probably just grind thru it manually.

With all the stuff the Beta left behind on my system that thankfully Total Uninstall removed you'll have a new significant other for a night manually removing it.

[barky]

Is this for the full realplayer alone or is the real alternative plugin also a risk ??

[CeeCee]

New security info (October 25) for RealPlayer: http://service.real.com/realplayer/securit...2007_player/en/

 

edit: 500 posts.

[Mikkie]

uh-oh..I have Realplayer AND IE, but I don't use IE. Will I still get infected??

*crosses fingers*

[CeeCee]

I have Realplayer AND IE, but I don't use IE. Will I still get infected??

I think you're safe then.