Yet another example of vulnerabilities in client software (ie: drive by downloads)..which is a huge attack vector. I can’t remember when the last remotely exploitable vulnerability was. As usual, IE ActiveX is to blame (when running RealPlayer 10.5 or 11 beta). Below is an article about the vulnerability:
Attacks exploiting RealPlayer zero-day in progress
Security Focus BID here.
Patch located here.
If you haven’t already..as a reminder stop using IE and use Firefox or another non-ActiveX browser. You may also want to disable ActiveX even if you don’t use IE on your Windows PC to mitigate the potential risk of future exploits.