| Security firm Secunia has issued an advisory covering a flaw in
RealPlayer that could allow an attacker to compromise a user's
system. "The problem is that RealMedia ".rm" files can open
local files in the built-in browser. This can be exploited by
e.g. a malicious website to load a local HTML document in a
local context via a specially crafted RealMedia file. Exploit
code has been published which combines this vulnerability with a
publicly known vulnerability in Microsoft Internet Explorer..."
This is a very worrying flaw for which there is currently no
fix. Until a fix arrives it would be prudent to change your file
associations so that .rm files are no longer linked to the
RealMedia player or, more drastically, uninstall the RealMedia
player itself.
http://secunia.com/advisories/14087/ | |
