[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] RealPlayer 0-day exploit was found in malicious

To: "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] RealPlayer 0-day exploit was found in malicious
From: lzscg <lzscg@xxxxxxx>
Date: Sat, 10 Nov 2007 17:43:30 +0800 (CST)

 
 
Most vendors reported that RealPlayer 0-day exploit was found in malicious 
.html files, such as Symantec, Mcafee Avert Labs, etc. The issue affects an 
ActiveX object in the RealPlayer component ierpplug.dll. RealPlayer 11 Beta, 
10.5, and older versions are affected. 

Symantec and Mcafee have added detection of this exploit as Trojan.Reapall and 
Exploit-RealPlay.a. 

As while, Real Company issued a fix for this vulnerability in less than 24 
hours.


Quotation
RealPlayer 10.5 and RealPlayer 11 beta users should install the following patch 
click here to address this security vulnerability that aims to cause buffer 
overflow that could provide the potential for an attacker to run arbitrary or 
malicious code on a user’s PC.  


More details: http://service.real.com/realplayer/security/191007_player/en/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] 0day Shockwave and Flash XSS Fish Exploits on Youtube, Revver, Metacafe, Google.
Next by Date: [Full-disclosure] A friend wants to Share Favorites with you
Previous by thread: [Full-disclosure] 0day Shockwave and Flash XSS Fish Exploits on Youtube, Revver, Metacafe, Google.
Next by thread: [Full-disclosure] A friend wants to Share Favorites with you
Index(es):
- Date
- Thread