He added: "Real will make this patch available to users via this blog and our security update page later today." He said that users of RealOne Player, RealOne Player v2, and RealPlayer 10 should upgrade to the 10.5 version or the RealPlayer 11 beta code and install the patch. The attack exploits a flaw in an ActiveX browser helper object, affecting only Internet Explorer users running Windows.
"The exploit itself is embedded in advertisements that were being served by 247realmedia.com," Symantec said in a note on its DeepSight threat management system. "The redirection to the exploit page... was accomplished through an iFrame embedded in each advertisement."
Source:
Yahoo (PC World)
Written by: James Delahunty @ 20 Oct 2007 18:16