Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Back for a limited time - Get 15% off sitewide on Slashdot Deals with coupon code "BLACKFRIDAY" (some exclusions apply)". ×

Submission + - RealNetworks releases zero-day ActiveX fix

rbn writes: RealNetworks has issued a fix for a zero-day flaw reported by Symantec, Thurday, which affects the import method of an Active X control. The flaw is actively being exploited and the attacks appear to be targeting specific organizations, including NASA, which reportedly banned the use of Internet Explorer in response to this incident. The issue affects an ActiveX object installed by RealPlayer, accessible over the web using Internet Explorer. By instantiating the object and invoking a specific method an attacker is able to corrupt process memory and execute arbitrary code with the privileges of the browser. The attack currently known to be in-the-wild has been confirmed to download malicious code to the compromised host. RealNetworks has issued an advice to its users to upgrade immediately to its latest player and apply the patch.
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

RealNetworks releases zero-day ActiveX fix

Comments Filter:

Nobody said computers were going to be polite.