Site menu:

Welcome | Products & Services | Security Portal | Commentary | Employment | FAQ | Privacy |

Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at S?nnet Beskerming.

Username: | Password: Contact us to request an account

RealPlayer 0-Day Shows ActiveX Still an Issue

News has been spreading rapidly of an actively-exploited vulnerability affecting RealPlayer, activated via Internet Explorer. Based on the available reporting, it appears that at least one major victim has been targeted with this exploit (NASA), with the first information being made public on Wednesday of this week. Symantec, McAfee, and the ISC then published initial details of the vulnerability on Thursday / Friday.

Discovered in the wild, but without public exploit code samples at this stage, concerns are being aired by Information Security vendors about the risk of widespread infection attempts using this vulnerability. Making the situation worse is that it is being reported that a successful infection only requires the ActiveX control to be present - it does not need to be activated for a successful attack.

While a critical vulnerability in a common third party ActiveX plugin is a problem for Windows users (especially one that comes pre-installed by default on some systems - such as Dell), it serves as a timely reminder for all that the Internet Explorer and ActiveX combination is still a risky one for Windows users, despite the ongoing efforts that Microsoft are putting in to tightening security.

For users and administrators who do not have third party protection software in place, setting the following killbit in the Windows Registry will provide interim protection (as well as preventing RealPlayer from being called in Internet Explorer):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\
ActiveX Compatibility\{FDC7A535-4070-4B92-A0EA-D9994BCC0DC5}

With RealPlayer notorious for constant 'buffering...' messages early in the time of streaming online media content, some Internet humourists have suggested that the vulnerability might be due to a 'buffering overflow'.

20 October 2007

Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis

Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.

Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.

Comments will soon be available for registered users.

More information:

Subscribe to our feed.

Commentary & Insight From Sûnnet Beskerming202420232022202120202019201820172016201520142013201220112010200920082007 - December - November - OctoberWhen AntiVirus Products (and Internet Explorer) Fail youInternet Bubble 2.0Hiding the Truth About BreachesCompanies Trying to get it RightPhD Student Claims 200x Improvement for Copper BroadbandFree Kevin's WebsiteRealPlayer 0-Day Shows ActiveX Still an IssueWaiting and Watching is Sometimes the best Course of ActionA Lesson on why Reporting Security Problems can be DangerousOn the Internet, Everyone Hates youEven Political Sites LeakWhen Identifying Problem Sources is DifficultGateway to Your DataStaying on top of SecurityThe Difference Between Theory and PracticeMicrosoft Security Patch Advance Notification - October 2007Chinese Internet Security Response Team Under Attack - September - August - July - June - May - April - March - February - January20062005

General Advisories

Reach Us:

Reach us at
info@beskerming.com

Reach us via IM

Jabber:
Server - jabber.org.au Account - Sunnet.Beskerming

AIM / iChat:
sunnetbeskerming

ICQ:
339742914

Google Talk:
Sunnet.Beskerming

Yahoo! Messenger:
sunnet.beskerming

MSN:
info@beskerming.com

Testimonials

"...extremely timely, accurate reporting..."

"...honesty which is refreshing..."

Copyright © 2005-2011 Sûnnet Beskerming Pty. Ltd. Design by Andreas Viklund.