RealPlayer 0-Day Shows ActiveX Still an Issue
News has been spreading rapidly of an actively-exploited vulnerability affecting RealPlayer, activated via Internet Explorer. Based on the available reporting, it appears that at least one major victim has been targeted with this exploit (NASA), with the first information being made public on Wednesday of this week. Symantec, McAfee, and the ISC then published initial details of the vulnerability on Thursday / Friday.
Discovered in the wild, but without public exploit code samples at this stage, concerns are being aired by Information Security vendors about the risk of widespread infection attempts using this vulnerability. Making the situation worse is that it is being reported that a successful infection only requires the ActiveX control to be present - it does not need to be activated for a successful attack.
While a critical vulnerability in a common third party ActiveX plugin is a problem for Windows users (especially one that comes pre-installed by default on some systems - such as Dell), it serves as a timely reminder for all that the Internet Explorer and ActiveX combination is still a risky one for Windows users, despite the ongoing efforts that Microsoft are putting in to tightening security.
For users and administrators who do not have third party protection software in place, setting the following killbit in the Windows Registry will provide interim protection (as well as preventing RealPlayer from being called in Internet Explorer):
With RealPlayer notorious for constant 'buffering...' messages early in the time of streaming online media content, some Internet humourists have suggested that the vulnerability might be due to a 'buffering overflow'.
20 October 2007
Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.
Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.Comments will soon be available for registered users.