IE + RealPlayer = Security hole

By Dan Goodin → More by this author

20 Oct 2007 00:11

ActiveX also enters into the equation

If you have RealPlayer installed and use Internet Explorer to browse the web, beware: an exploit in circulation can allow an attacker to take complete control of your machine, Symantec is warning.

Attacks targeting the most recent version of RealNetworks' music and video player were first observed Thursday night. They exploit a vulnerability in the way RealPlayer interacts with IE, providing a stealthy means for miscreants to shoehorn their way into a user's PC.

"If you have RealPlayer installed, simply visiting a malicious Web page can put your computer at risk," a Symantec blog post explains. "The player does not need to be running."

The ActiveX object being exploited resides in the the RealPlayer component ierpplug.dll. Attack code reviewed by Symantec causes RealPlayer to download and execute a copy of Trojan.Zonebac.

Until RealNetworks issues a patch, workarounds include:

Set a kill bit in the Windows registry at FDC7A535-4070-4B92-A0EA-D9994BCC0DC5
Configure IE to prompt before executing ActiveX scripts
Configure Outlook and Outlook Express to display email in plain text or to open HTML messages in the restricted sites security zone.

Another option is to use Firefox as your primary browser, preferably along with the NoScript add-on. ®

28 comments posted — Comment period finished

Track this type of story as a custom Atom/RSS feed or by email.

Dump IE 6 campaign runs afoul of dump IE 6 campaign (26 March 2008)
Unpatched RealPlayer bug paves way for drive-by downloads (12 March 2008)
Adobe Reader Trojan predates mystery update by two weeks (11 February 2008)
Exploit for 'extremely critical' Yahoo Jukebox vuln goes wild (5 February 2008)
RealPlayer users warned over unpatched vuln (3 January 2008)
Gates' spontaneity highlights IE data gap (10 December 2007)
Microsoft to search browsers for JavaScript compatibility (1 November 2007)
Rogue ActiveX controls menace users (24 October 2007)
Apple patches critical iTunes bug (7 September 2007)
Serious security hole plugged in RealPlayer and HelixPlayer (28 June 2007)
Poisoned MP4 files threaten Winamp users (2 May 2007)
Apple patches security hole in QuickTime (2 May 2007)
Winamp exploit poses hacker risk (31 January 2006)
Hackers look outside Windows for flaws (28 July 2005)

Top 20 stories All The Week’s Headlines

Whitepapers
Alternate Client Architectures Live Migration with AMD-V™ Extended Migration Technology Storage for Virtual Server Environments Managing the Performance and Availability of .NET Applications

Breaking Hardware News

Intel ordered to dish documents on deleted antitrust lawsuit e-mails

AMD vs Intel Internal interviews must be disclosed to AMD

Intel has been ordered to hand over secret employee interviews from an internal investigation looking into documents and e-mails that went missing during its antitrust trial with AMD.

Get the ChannelReg newsletters

Related Whitepapers

Webcast : Why Today's Spam Filters Fail
Watch on-line now
Average CPU Power (ACP)
The Truth About Power Consumption Starts Here
The new way to defeat Spam
Increasing productivity with Abaca
Alternate Client Architectures
An overview of alternative architectures to deliver applications to the desktop
Podcast : Why Today's Spam Filters Fail
Listen or download now
Live Migration with AMD-V™ Extended Migration Technology
Live migration functionality works seamlessly across a broad range of AMD64 processors

Top Stories