Real Player zero day

By Roger on October 19, 2007 3:28 PM | | Comments (2) | TrackBacks (0)

I wrote yesterday about a zero day possibly targeting NASA. This morning Symantec posted news of a Real Player exploit on the loose.

"The issue affects an ActiveX object in the RealPlayer component ierpplug.dll." While there is no patch available, you can set activeX kill bits. (Google for how to do that). I am deploying that in my enterprise now.

Tags

0 TrackBacks

Listed below are links to blogs that reference this entry: Real Player zero day.

TrackBack URL for this entry: http://www.infosecblog.org/mt-tb20071121.pl/612

2 Comments

Matt Spragins said:

RealNetworks has issued a patch for this vulnerability that users can download here - http://service.real.com/realplayer/security/191007_player/en/

For more information about these patches and how the new RealPlayer has been improved, please visit the RealPlayer blog at www.realplayer.com/blog.

Matt Spragins
Real Networks

October 25, 2007 4:16 PM
Roger Author Profile Page said:

Yep, you guys got that out really fast. I blogged about that here: http://www.infosecblog.org/2007/10/real-fix-available.html but I neglected to set a trackback or update this post. I've had limited time this week.

thanks for the link to the real blog, I wasn't aware of that.

October 25, 2007 5:02 PM

Leave a comment

Powered by Ajax Comments

About this Entry

This page contains a single entry by Roger published on October 19, 2007 3:28 PM.

Air Force "cyber sidearms" was the previous entry in this blog.

Fakechecks.org is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Subscribe to feed Subscribe to this blog's feed
Add to Google
Please contact me by leaving a comment where appropriate. Otherwise, you can click here to reveal an email address for me.
Got Backups? Get Safe Online Remember Rick Rescorla Powered by Movable Type 4.2-en

Search