Original URL: http://www.theregister.co.uk/2008/03/12/realplayer_bug/
Unpatched RealPlayer bug paves way for drive-by downloads
ActiveX-ploit
Posted in Security, 12th March 2008 17:59 GMT
An unpatched bug in RealPlayer leaves the media player open to drive-by-download attacks, in which hackers trick prospective marks into visiting maliciously constructed websites.
The vulnerability stems from coding errors in a RealPlayer ActiveX control (rmoc3260.dll), which enables content to be played within a user's Internet Explorer browser. The ActiveX control fails to properly handle multiple properties, including Console, creating a heap memory corruption risk.
RealPlayer version 11.0.1 is confirmed as vulnerable. Other versions of the media player may also be flawed. Security clearing house Secunia advises [1] users to kill the affected ActiveX control pending the availability of a patch from RealNetworks. Instructions and pointers on how to disable RealPlayer ActiveX controls in Internet Explorer can be found in an advisory by US-CERT here [2].
Details of the vulnerability were posted by its discoverer, Elazar Broad, on a full disclosure mailing list on Monday.
A similar vulnerability involving the interaction between RealPlayer and IE, but affecting a different ActiveX control, was discovered [3] last October. ®
