writes "RealNetworks has issued a fix for a zero-day flaw reported by Symantec, Thurday, which affects the import method of an Active X control. The flaw is actively being exploited and the attacks appear to be targeting specific organizations, including NASA, which reportedly banned the use of Internet Explorer in response to this incident. The issue affects an ActiveX object installed by RealPlayer, accessible over the web using Internet Explorer. By instantiating the object and invoking a specific method an attacker is able to corrupt process memory and execute arbitrary code with the privileges of the browser. The attack currently known to be in-the-wild has been confirmed to download malicious code to the compromised host. RealNetworks has issued an advice to its users to upgrade immediately to its latest player and apply the patch."