An unpatched bug in RealPlayer leaves the media player open to drive-by-download attacks, which hackers use to trick prospective marks into visiting maliciously constructed websites.

The vulnerability stems from coding errors in a RealPlayer ActiveX control (rmoc3260.dll), which enables content to be played within a user's Internet Explorer browser. The ActiveX control fails to properly handle multiple properties, including Console, creating a heap memory corruption risk.

Details of the vulnerability were posted by its discoverer, Elazar Broad, on a full disclosure mailing list on Monday.

A similar vulnerability involving the interaction between RealPlayer and IE, but affecting a different ActiveX control, was discovered last October. ®

Related stories

• High-priority patch fixes critical vulns in RealPlayer (25 July 2008)
• Mass SQL injection hits English language websites (21 May 2008)
• Drive-by download attack compromises 500K websites (13 May 2008)
• Mass compromise powers massive drive-by download attack (13 March 2008)
• RealPlayer users warned over unpatched vuln (3 January 2008)
• Real Media attacks real people via RealPlayer (23 October 2007)
• IE + RealPlayer = Security hole (20 October 2007)
• Serious security hole plugged in RealPlayer and HelixPlayer (28 June 2007)
• Media players hit by buffer overflow glitch (4 April 2003)