http://www.theinquirer.net/?article=21042 By Nick Farrell 02 February 2005 AN EXPLOIT that takes advantage of holes in Real Player and IE has been released on the web. According to an advisory issued by the security outfit Secunia, RealMedia (.rm) files can open local files in the browser built into RealPlayer. This means a malicious website can load a local HTML document in a local context by using a re-written RealMedia file. The flaw exists on version 10.5 (build 6.0.12.1056) of RealPlayer but other versions could be affected as well. There is a workaround for the problem. You have to avoid opening RealMedia files from an untrusted source and restrict such files from being opened automatically from within browsers. So, not much that can be done then. _________________________________________ Bellua Cyber Security Asia 2005 - http://www.bellua.com/bcs2005
This archive was generated by hypermail 2.1.3 : Wed Feb 02 2005 - 06:12:21 PST