Alert Number: 031108-01
Alert Date: 03/11/08
Alert Title: *UNPATCHED* ActiveX Vulnerability for RealPlayer
Update-to: None
OS/Platform/Application: RealPlayer 10.x, RealPlayer 11.x (on all platforms)
Category: ALERT
Severity: HIGH
Attention: RealPlayer users, system Administrators, Desktop Support Personnel.
Summary: Numerous Internet Security-related agencies are reporting the existence of a "highly critical" vulnerability in RealPlayer that (if exploited) could result in execution of arbitrary code. The most likely vector of exploit is the viewing of a maliciously-crafted website or media file. According to Internet Security resources, the exploit is active and circulating on the Internet. At the time of this writing (8:45 AM 3/11/08), no patch has yet been provided by the Vendor to address this problem.
Recommended Action: Users and System Administrators are encouraged to read the security bulletins pertaining to this vulnerability (safe links provided below) and to use extreme caution in using RealPlayer until a patch has been released to address this issue.
Readers are encouraged to share this alert with family, friends, and associates who may use RealPlayer on their home PCs.
ITS Actions: N/A
Resources:
SANS Advisory:
http://isc.sans.org/diary.html?storyid=4120
Secunia Advisory:
http://secunia.com/advisories/29315/
FrSirt Advisory:
http://www.frsirt.com/english/advisories/2008/0842/products
