Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Software

+ - RealNetworks releases zero-day ActiveX fix

Submitted by rbn
rbn (666) writes "RealNetworks has issued a fix for a zero-day flaw reported by Symantec, Thurday, which affects the import method of an Active X control. The flaw is actively being exploited and the attacks appear to be targeting specific organizations, including NASA, which reportedly banned the use of Internet Explorer in response to this incident. The issue affects an ActiveX object installed by RealPlayer, accessible over the web using Internet Explorer. By instantiating the object and invoking a specific method an attacker is able to corrupt process memory and execute arbitrary code with the privileges of the browser. The attack currently known to be in-the-wild has been confirmed to download malicious code to the compromised host. RealNetworks has issued an advice to its users to upgrade immediately to its latest player and apply the patch."
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

RealNetworks releases zero-day ActiveX fix

Comments Filter:

"There is no statute of limitations on stupidity." -- Randomly produced by a computer program called Markov3.

Working...