Unpatched RealPlayer bug paves way for drive-by downloads
Print storyActiveX-ploit
Posted in Anti-Virus, 12th March 2008 17:59 GMT
Free whitepaper – Securing your Microsoft Internet Information Services (MS IIS) web server
An unpatched bug in RealPlayer leaves the media player open to drive-by-download attacks, which hackers use to trick prospective marks into visiting maliciously constructed websites.
The vulnerability stems from coding errors in a RealPlayer ActiveX control (rmoc3260.dll), which enables content to be played within a user's Internet Explorer browser. The ActiveX control fails to properly handle multiple properties, including Console, creating a heap memory corruption risk.
RealPlayer version 11.0.1 is confirmed as vulnerable. Other versions of the media player may also be flawed. Security clearing house Secunia advises users to kill the affected ActiveX control pending the availability of a patch from Real Networks. Instructions and pointers on how to disable RealPlayer ActiveX controls in Internet Explorer can be found in an advisory by US CERT here.
Details of the vulnerability were posted by its discoverer, Elazar Broad, on a full disclosure mailing list on Monday.
A similar vulnerability involving the interaction between RealPlayer and IE, but affecting a different ActiveX control, was discovered last October. ®
Free whitepaper – Avoiding 7 common mistakes of IT security compliance
Airport insecurity: the case of lost laptops
Jump start your Application Security initiatives
Reducing messaging and web security costs with managed services
Avoiding 7 common mistakes of IT security compliance
Extended Validation SSL Certificates
Feds: Hospital hacker's 'massive' DDoS averted
Buggy 'smart meters' open door to power-grid botnet
Microsoft knew of nasty IE bug a year before attacks
BlockMaster SafeStick hardware-encrypted USB drive