[b]RealPlayer users running Internet Explorer are sitting ducks for drive-by malware downloads[/b].
The widely deployed RealPlayer software is vulnerable to a heap corruption vulnerability that could put Windows users at risk of code execution attacks, according to a warning from a security researcher.
Elazar Broad, a hacker who has led an all-out assault on buggy ActiveX controls in popular software products, has issued an alert for the latest RealPlayer hiccup, warning that RealPlayer users running Internet Explorer are sitting ducks for drive-by malware downloads.
The vulnerability, released as zero-day (before a patch is available) on public mailing lists, was discovered in the RealAudioObjects.RealAudio (rmoc3260.dll) ActiveX control that ships with all versions of RealNetworks’ flagship media player.
According to Broad, who was recently credited with finding ActiveX security issues affecting MySpace and Facebook, it is possible to modify heap blocks after they are freed to overwrite certain registers. This bug could be exploited to execute arbitrary code, he warned.
[b]More than 10,000 web pages have been booby trapped with malware[/b] in one of the largest attacks of its kind to date.
Compromised web pages include travel sites, government websites, and hobbyist sites that have been modified with JavaScript code that silently redirects visitors to a site in China under the control of hackers.
Miscreants likely reprogrammed the web pages after scanning the net for insecure servers.
The malware cocktail attempts to exploit vulnerabilities in Windows, RealPlayer, and other applications to break into insecure PCs, according to an analysis by net security firm McAfee.
Craig Schmugar, threat researcher at McAfee Avert Labs, said the attack illustrated that [b]the conventional wisdom that surfers are safe providing they stick to trusted sites (and away from warez and porn) no longer holds true[/b].
“Often you hear warnings about not going to untrusted sites,” said Schmugar. “That is good advice, but it is not enough. Even sites you know can become compromised. You went to a place before that you trust, but that trust was violated through a vulnerability that was exploited.”
I cannot think why Sun Java cannot automatically update and remove older versions. If it did, an enormous amount of malware should have been avoided, and it would be rather quiet in the “virus and worms” section of this forum. Why evident things do not take place is beyond me; I think this is the way people start to think of conspiracies. And the security race is on: in the IE8 beta, XDR was brought in, an ideal way for miscreants to communicate directly with malicious servers and a sure way for new attacks and phishing scams.
Developers were not trained to bring in new functionality with security also in mind. First they see the eventual benefits of the new functionality; some even seem to close their eyes to the security concern(s),