Symantec Corp. warned late Thursday that attackers are actively targeting an unpatched flaw in Real Networks' popular RealPlayer multimedia viewer to run malicious code via the victim's Web browser.
According to an emailed advisory the Cupertino, Calif.-based security vendor sent customers of its DeepSight Threat Management service, RealPlayer is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks of user-supplied input before copying it to an insufficiently sized memory buffer.
"Attackers can exploit this issue to execute arbitrary code in the context of the application using the affected control (typically Internet Explorer)," Symantec said. "Successful attacks can compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions."
Symantec deemed the attack activity significant enough to raise its ThreatCon to level 2.
To prevent successful exploits, Symantec recommends users disable Active Scripting in Internet Explorer or set the kill bit on the associated CLSID.