For those using Microsoft Internet Explorer, visiting a malicious Web page could result in a compromised computer.
A zero-day vulnerability in the latest version of RealPlayer and RealPlayer 11 Beta is actively being exploited, Symantec said Friday morning.
It could allow remote attackers to take control of computers running the affected music player software.
The issue affects an ActiveX object in the RealPlayer component called "ierpplug.dll."
For those using Microsoft Internet Explorer, visiting a malicious Web page could result in a compromised computer. RealPlayer does not have to be running for this exploit to be a risk.
"The malicious .html page checks several versions of RealPlayer to determine if the installed application is vulnerable," said Masaki Suenaga, a member of the Symantec Security Response team, in a blog post. "If it is, the attacker can potentially take control of the computer. Trojan.Reapall, the sample we received, successfully exploits this RealPlayer vulnerability and downloads and executes a copy Trojan.Zonebac."
Trojan.Zonebac is Trojan software that lowers the security zone settings in Microsoft Internet Explorer to make misuse of the computer easier.
Symantec tested the sample exploit code against current versions of RealPlayer 11 Beta and RealPlayer 10.5. Old versions may also be vulnerable.
The antivirus company also recommends that users keep their antivirus software up to date.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.