The United States Computer Emergency Readiness Team (US-CERT) is warning of working exploit code targeting a zero-day...
flaw in the latest version of RealPlayer.
The flaw affects RealPlayer 11 build 220.127.116.118.
Evgeny Legerov, founder of Russian-based security firm, Gleg, announced a few details of the code. Legerov posted a brief announcement at the Dailydave security discussion board. In his post, Gleg links to a flash demonstration of the working code.
Gleg released the exploit code Dec. 16 to customers that license its periodic updates via its VulnDisco Step Ahead exploit packages. The packages are used with Immunity CANVAS testing software.
Seattle-based Real said it is working to determine the validity of the exploit code.
In October, Real released a patch for 10.5 and 11 beta to remove a security flaw attackers had actively targeted.
Media players are a constant target of attackers.
In late November, exploit code surfaced for a zero-day buffer-overflow flaw in Apple Inc.'s widely used QuickTime media player, giving attackers the opportunity to hijack vulnerable computers running Mac OS X and the latest versions of Microsoft Windows.
Also a serious glitch was discovered in November in how applications from a variety of vendors process audio FLAC files, opening the door for attackers to hijack vulnerable computer systems.