Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×
Software

+ - RealNetworks releases zero-day ActiveX fix

rbn writes: RealNetworks has issued a fix for a zero-day flaw reported by Symantec, Thurday, which affects the import method of an Active X control. The flaw is actively being exploited and the attacks appear to be targeting specific organizations, including NASA, which reportedly banned the use of Internet Explorer in response to this incident. The issue affects an ActiveX object installed by RealPlayer, accessible over the web using Internet Explorer. By instantiating the object and invoking a specific method an attacker is able to corrupt process memory and execute arbitrary code with the privileges of the browser. The attack currently known to be in-the-wild has been confirmed to download malicious code to the compromised host. RealNetworks has issued an advice to its users to upgrade immediately to its latest player and apply the patch.
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

RealNetworks releases zero-day ActiveX fix

Comments Filter:

"This is lemma 1.1. We start a new chapter so the numbers all go back to one." -- Prof. Seager, C&O 351

Working...