Exploit code targets RealPlayer, researchers warn

A zero-day flaw in the latest version of RealPlayer can be actively targeted with working exploit code, according to researchers at US-CERT.

The United States Computer Emergency Readiness Team (US-CERT) is warning of working exploit code targeting a zero-day flaw in the latest version of RealPlayer.

The flaw affects RealPlayer 11 build 6.0.14.748.

Evgeny Legerov, founder of Russian-based security firm, Gleg, announced a few details of the code. Legerov posted a brief announcement at the Dailydave security discussion board. In his post, Gleg links to a flash demonstration of the working code.

Gleg released the exploit code Dec. 16 to customers that license its periodic updates via its VulnDisco Step Ahead exploit packages. The packages are used with Immunity CANVAS testing software.

Seattle-based Real said it is working to determine the validity of the exploit code.

In October, Real released a patch for 10.5 and 11 beta to remove a security flaw attackers had actively targeted.

Media players are a constant target of attackers.

In late November, exploit code surfaced for a zero-day buffer-overflow flaw in Apple Inc.'s widely used QuickTime media player, giving attackers the opportunity to hijack vulnerable computers running Mac OS X and the latest versions of Microsoft Windows.

Also a serious glitch was discovered in November in how applications from a variety of vendors process audio FLAC files, opening the door for attackers to hijack vulnerable computer systems.

Dig deeper on Emerging Information Security Threats

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close