News Stay informed about the latest enterprise technology news and product updates.

Attackers target RealPlayer

Symantec warned late Thursday that a flaw in the popular RealPlayer multimedia viewer is being actively exploited by attackers in the wild.

Symantec Corp. warned late Thursday that attackers are actively targeting an unpatched flaw in Real Networks' popular...

RealPlayer multimedia viewer to run malicious code via the victim's Web browser.

According to an emailed advisory the Cupertino, Calif.-based security vendor sent customers of its DeepSight Threat Management service, RealPlayer is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks of user-supplied input before copying it to an insufficiently sized memory buffer.

"Attackers can exploit this issue to execute arbitrary code in the context of the application using the affected control (typically Internet Explorer)," Symantec said. "Successful attacks can compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions."

Symantec deemed the attack activity significant enough to raise its ThreatCon to level 2.

To prevent successful exploits, Symantec recommends users disable Active Scripting in Internet Explorer or set the kill bit on the associated CLSID.

Dig Deeper on Productivity apps and messaging security

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.