Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

RealNetworks releases zero-day ActiveX fix

Anonymous Coward writes | about 7 years ago

Software 0

rbn (666) writes "RealNetworks has issued a fix for a zero-day flaw reported by Symantec, Thurday, which affects the import method of an Active X control. The flaw is actively being exploited and the attacks appear to be targeting specific organizations, including NASA, which reportedly banned the use of Internet Explorer in response to this incident. The issue affects an ActiveX object installed by RealPlayer, accessible over the web using Internet Explorer. By instantiating the object and invoking a specific method an attacker is able to corrupt process memory and execute arbitrary code with the privileges of the browser. The attack currently known to be in-the-wild has been confirmed to download malicious code to the compromised host. RealNetworks has issued an advice to its users to upgrade immediately to its latest player and apply the patch."

Sorry! There are no comments related to the filter you selected.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?