Zero-Day Vulnerability Threatens RealPlayer Users - InformationWeek
IoT
IoT
Software // Information Management
News
10/19/2007
05:16 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Zero-Day Vulnerability Threatens RealPlayer Users

For those using Microsoft Internet Explorer, visiting a malicious Web page could result in a compromised computer.

A zero-day vulnerability in the latest version of RealPlayer and RealPlayer 11 Beta is actively being exploited, Symantec said Friday morning.

It could allow remote attackers to take control of computers running the affected music player software.

The issue affects an ActiveX object in the RealPlayer component called "ierpplug.dll."

For those using Microsoft Internet Explorer, visiting a malicious Web page could result in a compromised computer. RealPlayer does not have to be running for this exploit to be a risk.

"The malicious .html page checks several versions of RealPlayer to determine if the installed application is vulnerable," said Masaki Suenaga, a member of the Symantec Security Response team, in a blog post. "If it is, the attacker can potentially take control of the computer. Trojan.Reapall, the sample we received, successfully exploits this RealPlayer vulnerability and downloads and executes a copy Trojan.Zonebac."

Trojan.Zonebac is Trojan software that lowers the security zone settings in Microsoft Internet Explorer to make misuse of the computer easier.

Symantec tested the sample exploit code against current versions of RealPlayer 11 Beta and RealPlayer 10.5. Old versions may also be vulnerable.

Symantec offers several strategies for minimizing the impact of the exploit: Setting the kill bit to halt ActiveX in Microsoft Internet Explorer and in Windows Internet Explorer (for the technically savvy only); making sure that all Microsoft Internet Explorer clients present a prompt before executing Active Scripting (which should be turned off if not required); setting Microsoft Outlook and Outlook Express clients to display e-mail in plain text or that HTML messages only get opened in the Restricted sites security zone; and disabling JavaScript.

The antivirus company also recommends that users keep their antivirus software up to date.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll