Attacks started on users of Internet Explorer and RealPlayer 0day exploit.

I haven’t really heard of many RealPlayer exploits, however this zero day one is a nasty. This is an Internet Explorer exploit only, so if you’re using FireFox you’re in luck.

I haven’t really heard of many RealPlayer exploits, however this zero day one is a nasty. This is an Internet Explorer exploit only, so if you’re using FireFox you’re in luck.

October 19, 2007 (Computerworld) — Attackers are exploiting a zero-day vulnerability in RealPlayer in order to infect Windows machines running Internet Explorer, Symantec Corp. said late Thursday. The security company issued an alert that rated the threat with its highest possible score.

According to a warning issued to customers of its DeepSight threat network, Symantec said an ActiveX control installed by RealNetworks Inc.’s RealPlayer program is flawed. When combined with Microsoft Corp.’s Internet Explorer (IE) browser — which relies on ActiveX controls to extend its functionality — the bug can be exploited and malicious code downloaded to any PC that wanders to a specially crafted site.

Only systems on which both RealPlayer and IE have been installed are vulnerable.

Read the full article at computerworld.com


Did you like this article?


0 Shares:
You May Also Like

Why Red Hat doesn’t need a deal with Microsoft

This is a good article, talks about RedHat and Microsoft and how RedHat knows whats actually going down.
Why Red Hat doesn't need a deal with Microsoft -

The trade press reported a lot of rumors this past week about the chances for a patent protection pact between Red Hat and Microsoft similar to the agreements Microsoft negotiated with Novell, Xandros, and Linspire. Red Hat doesn't appear to be interested in the least. Here's why.

[Linux.com]
Read More

24-hour Test Drive of PC-BSD

My original colocation machine was FreeBSD 4.2 and it was fun to play with. The package system was great, you could either compile or install pre-compiled versions. However, when you upgrade and leave compiled/pre-compiled packages dormant. They can come back to bit you in the ass with dependency issues and the package database breaking. I'm glad someone is making an effort to make it more user friendly, although I don't run BSD I love a lot of its features. 24-hour Test Drive of PC-BSD - An anonymous reader writes "Ars Technica has a concise introduction to PC-BSD, a FreeBSD derivative that emphasizes ease of use and aims to convert Windows users. The review describes the installation process, articulates the advantages of PC-BSD,and reveal some of the challenges that the reviewer faced along the way. From the article: 'In the end, I would suggest this distribution to new users provided they had someone to call in case of a driver malfunction during installation. I would also recommend PC-BSD to seasoned Unix users that have never tried using FreeBSD before and would prefer a shallower learning curve before getting down to business.'"

Read more of this story at Slashdot.

[Slasdot]
Read More

Final Draft of GPLv3 Allows Novell-Microsoft Deal

Final Draft of GPLv3 Allows Novell-Microsoft Deal - famicommie writes "All of Novell's fingernail biting has been for naught. In a display of forgiveness and bridge building on behalf of the FSF, ZDNet reports that the final draft of the GPLv3 will close the infamous MS-Novell loophole while allowing deals made previously to continue. From the article: 'The final, last-call GPLv3 draft bans only future deals for what it described as tactical reasons in a 32-page explanation of changes. That means Novell doesn't have to worry about distributing software in SLES that's governed by the GPLv3 ... Drafting the new license has been a fractious process, but Eben Moglen, the Columbia University law school professor who has led much of the effort, believes consensus is forming. That agreement is particularly important in the open-source realm, where differing license requirements can erect barriers between different open-source projects.'"

Read more of this story at Slashdot.

[Slasdot]
Read More