Zero Day Vulnerability Threatens RealPlayer Users

A zero day vulnerability in the latest version of RealPlayer and RealPlayer 11 Beta is actively being exploited, Symantec said Friday morning. It could allow remote attackers to take control of computers running the affected music player software.

The issue affects an ActiveX object in the RealPlayer component called "ierpplug.dll."

For those using Microsoft Internet Explorer, visiting a malicious Web page could result in a compromised computer. RealPlayer does not have to be running for this exploit to be a risk. Zero-Day Vulnerability Threatens RealPlayer Users -- Computer Virus -- InformationWeek

Linked by shanmuga Tuesday, 23rd October 2007 1:46AM