|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[ISN] RealPlayer and IE exploited
From: InfoSec News (isn
c4i.org)
Date: Wed Feb 02 2005 - 05:10:14 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
http://www.theinquirer.net/?article=21042
By Nick Farrell
02 February 2005
AN EXPLOIT that takes advantage of holes in Real Player and IE has
been released on the web.
According to an advisory issued by the security outfit Secunia,
RealMedia (.rm) files can open local files in the browser built into
RealPlayer.
This means a malicious website can load a local HTML document in a
local context by using a re-written RealMedia file.
The flaw exists on version 10.5 (build 6.0.12.1056) of RealPlayer but
other versions could be affected as well.
There is a workaround for the problem. You have to avoid opening
RealMedia files from an untrusted source and restrict such files from
being opened automatically from within browsers.
So, not much that can be done then.
_________________________________________
Bellua Cyber Security Asia 2005 -
http://www.bellua.com/bcs2005
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]