Thursday, April 03, 2008 10:43 AM
cmosby
Symantec Security Response Weblog: Unpatched RealPlayer vulnerability being exploited in the wild
Unpatched RealPlayer vulnerability being exploited in the wild
Sometime on April 1, our honeypots began finding exploits for the RealPlayer 'rmoc3260.dll' ActiveX Control Memory Corruption Vulnerability (BID 28157). Sadly, this is not surprising given that a complete exploit was published for this vulnerability around the same time. At the time of this writing, there is no patch for this vulnerability.
So far impacted sites have ranged from forums, to webmail, to news agencies.
Norton Internet Security 2008, Norton AntiVirus 2008, and Norton 360 version 2 customers will see this attack blocked by the existing MSIE RealPlayer rmoc ActiveX BOIPS signature. Some variants of this attack may be blocked as HTTP Internet Explorer Heap Spray Buffer Overflow. Additionally, antivirus signatures are available for Bloodhound.Exploit.182, protecting customers from threats attempting to exploit this vulnerability.
Posted by Symantec Security Response on April 3, 2008 02:22 AM
Source: Symantec Security Response Weblog: Unpatched RealPlayer vulnerability being exploited in the wild
Filed under: Security and Anti-Virus, Internet Hacks, Internet Applications, Software Vulnerabilites