Original URL: http://www.theregister.co.uk/2008/03/12/realplayer_bug/
Unpatched RealPlayer bug paves way for drive-by downloads
ActiveX-ploit
Posted in Anti-Virus, 12th March 2008 17:59 GMT
An unpatched bug in RealPlayer leaves the media player open to drive-by-download attacks, in which hackers trick prospective marks into visiting maliciously constructed websites.
The vulnerability stems from coding errors in a RealPlayer ActiveX control (rmoc3260.dll), which enables content to be played within a user's Internet Explorer browser. The ActiveX control fails to properly handle multiple properties, including Console, creating a heap memory corruption risk.
RealPlayer version 11.0.1 is confirmed as vulnerable. Other versions of the media player may also be flawed. Security clearing house Secunia advises (http://secunia.com/advisories/29315) users to kill the affected ActiveX control pending the availability of a patch from RealNetworks. Instructions and pointers on how to disable RealPlayer ActiveX controls in Internet Explorer can be found in an advisory by US-CERT here (http://www.kb.cert.org/vuls/id/831457).
Details of the vulnerability were posted by its discoverer, Elazar Broad, on a full disclosure mailing list on Monday.
A similar vulnerability involving the interaction between RealPlayer and IE, but affecting a different ActiveX control, was discovered (http://www.theregister.co.uk/2007/10/20/realplayer_vuln) last October. ®
