IE + RealPlayer = Security hole
Print storyActiveX also enters into the equation
Posted in Security, 20th October 2007 00:11 GMT
If you have RealPlayer installed and use Internet Explorer to browse the web, beware: an exploit in circulation can allow an attacker to take complete control of your machine, Symantec is warning.
Attacks targeting the most recent version of RealNetworks' music and video player were first observed Thursday night. They exploit a vulnerability in the way RealPlayer interacts with IE, providing a stealthy means for miscreants to shoehorn their way into a user's PC.
"If you have RealPlayer installed, simply visiting a malicious Web page can put your computer at risk," a Symantec blog post explains. "The player does not need to be running."
The ActiveX object being exploited resides in the the RealPlayer component ierpplug.dll. Attack code reviewed by Symantec causes RealPlayer to download and execute a copy of Trojan.Zonebac.
Until RealNetworks issues a patch, workarounds include:
- Set a kill bit in the Windows registry at FDC7A535-4070-4B92-A0EA-D9994BCC0DC5
- Configure IE to prompt before executing ActiveX scripts
- Configure Outlook and Outlook Express to display email in plain text or to open HTML messages in the restricted sites security zone.
Another option is to use Firefox as your primary browser, preferably along with the NoScript add-on. ®
Free whitepaper - The Botnet Threat: Targeting your Business
Securing your Online Data Transfer with SSL
The Botnet Threat
Extended Validation SSL Certificates
Spam Spikes: A Real Risk to Your Business
Netbooks and Mini-Laptops
How the fate of the US economy rests on a Dell workstation
How many terabytes can you fit on a 2.5-inch hard drive?
China's nonstop music machine