Humpty Posted October 20, 2007 Share Posted October 20, 2007 Attackers are exploiting a zero-day vulnerability in RealPlayer in order to infect Windows machines running Internet Explorer, Symantec Corp. said late Thursday. The security company issued an alert that rated the threat with its highest possible score. According to a warning issued to customers of its DeepSight threat network, Symantec said an ActiveX control installed by RealNetworks Inc.'s RealPlayer program is flawed. When combined with Microsoft Corp.'s Internet Explorer (IE) browser -- which relies on ActiveX controls to extend its functionality -- the bug can be exploited and malicious code downloaded to any PC that wanders to a specially crafted site. Only systems on which both RealPlayer and IE have been installed are vulnerable. Symantec ranked the attack as a "10" on its urgency scale because it has confirmed that attacks are being conducted in the wild; those attacks have resulted in malicious code downloaded to victimized PCs. The only bright spot: "We are not currently aware of widespread exploitation of this issue," the company's warning read. In another section of the advisory, it listed just two IP addresses that it has found hosting exploits of the RealPlayer bug. Multiple versions of RealPlayer install the ActiveX control, including the current 10.5 and the beta of Version 11. RealNetworks has not released a fix, but Symantec said it had informed the media player's maker of the bug. Computerworld PCadvisor Link to comment Share on other sites More sharing options...
Moderators rridgely Posted October 20, 2007 Moderators Share Posted October 20, 2007 Anyone actually use real player anymore? I hope not... thats about as bad as having a virus. Link to comment Share on other sites More sharing options...
Moderators Andavari Posted October 20, 2007 Moderators Share Posted October 20, 2007 thats about as bad as having a virus. A virus or other malware infection in most cases is much easier to get rid of, and that's no b.s.! Link to comment Share on other sites More sharing options...
Moderators DennisD Posted October 20, 2007 Moderators Share Posted October 20, 2007 I'm not sorry to say I binned it a few weeks ago. Link to comment Share on other sites More sharing options...
login123 Posted October 20, 2007 Share Posted October 20, 2007 Thanks, Humpty. That's the last straw. Will remove realplayer as soon as Pshadow is off...have always kept it but it is a pain and occupies almost 38 meg on the HD. The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-) Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers. Link to comment Share on other sites More sharing options...
Moderators Andavari Posted October 20, 2007 Moderators Share Posted October 20, 2007 That's the last straw. Will remove realplayer as soon as Pshadow is off...have always kept it but it is a pain and occupies almost 38 meg on the HD. You'd better have a good registry cleaner to remove most of it's crap that the installer will leave behind. Link to comment Share on other sites More sharing options...
Moderators DennisD Posted October 20, 2007 Moderators Share Posted October 20, 2007 I think I removed mine with Revo Uninstaller, the scan afterwards finding quite a lot of stuff. Bit the bullet and removed the lot, and thankfully I'm still here to tell the tale. Link to comment Share on other sites More sharing options...
CeeCee Posted October 20, 2007 Share Posted October 20, 2007 I use Opera, so no worries. Anyone actually use real player anymore? I hope not... thats about as bad as having a virus. I could say the same thing about IE... Patch available here: http://service.real.com/realplayer/securit...1007_player/en/ Direct download link: http://service.real.com/realplayer/securit.../securitydb.rnx RealPlayer 10.5 and RealPlayer 11 beta users should install the following patch to address this security vulnerability that aims to cause buffer overflow that could provide the potential for an attacker to run arbitrary or malicious code on a user’s PC --- Noticed from the RealPlayer log, that this file was updated: C:\Program Files\Real\RealPlayer\plugins\MPAMedia.dll. Path Copy TeraCopy Unlocker Link to comment Share on other sites More sharing options...
login123 Posted October 21, 2007 Share Posted October 21, 2007 You'd better have a good registry cleaner to remove most of it's crap that the installer will leave behind. Yes, true. Will probably just grind thru it manually. The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-) Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers. Link to comment Share on other sites More sharing options...
Moderators Andavari Posted October 21, 2007 Moderators Share Posted October 21, 2007 Yes, true. Will probably just grind thru it manually. With all the stuff the Beta left behind on my system that thankfully Total Uninstall removed you'll have a new significant other for a night manually removing it. Link to comment Share on other sites More sharing options...
barky Posted October 21, 2007 Share Posted October 21, 2007 Is this for the full realplayer alone or is the real alternative plugin also a risk ?? Link to comment Share on other sites More sharing options...
CeeCee Posted October 30, 2007 Share Posted October 30, 2007 New security info (October 25) for RealPlayer: http://service.real.com/realplayer/securit...2007_player/en/ edit: 500 posts. Path Copy TeraCopy Unlocker Link to comment Share on other sites More sharing options...
Mikkie Posted November 15, 2007 Share Posted November 15, 2007 uh-oh..I have Realplayer AND IE, but I don't use IE. Will I still get infected?? *crosses fingers* //NANA\\ Link to comment Share on other sites More sharing options...
CeeCee Posted November 15, 2007 Share Posted November 15, 2007 I have Realplayer AND IE, but I don't use IE. Will I still get infected?? I think you're safe then. Path Copy TeraCopy Unlocker Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now