Defense in Depth Subscribe to Defense in Depth

March 11, 2008 9:58 AM PDT

RealPlayer vulnerable in Internet Explorer

Posted by Robert Vamosi

If you use the RealPlayer on Internet Explorer, watch out. Researcher Elazar Broad has posted to the Full Disclosure mailing list a so-called heap overflow vulnerability that makes it possible for an attacker to modify heap blocks after they are freed and overwrite certain registers. This could allow code execution on a compromised machine. The vulnerability affects all versions of RealPlayer running under Internet Explorer.

Exploit code for this flaw has not yet been made public.

Without a patch from RealPlayer, security experts recommend disabling the killbit for the following ActiveX ClassIDs:

2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93
CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA

Please note that disabling the killbits above will also remove some functionality within the player.

To avoid the loss of functionality, security experts recommend using RealPlayer in a browser that doesn't support ActiveX, such as Mozilla Firefox (for Windows and Mac).

Topics:: Browsers and extensions,; Security

Tags:: security,; Real,; RealPlayer,; Elazar Broad,; ActiveX,; Internet Explorer,; Firefox

Bookmark:: Digg; Del.icio.us; Reddit

Recent posts from Defense in Depth: Yahoo e-mail accounts compromised for spammers' use; Skeleton key unlocks Microsoft SQL servers in latest Web attack; Web browsers and other mistakes; Goodbye Storm, Hello Srizbi; Microsoft serves law enforcement free COFEE

Powered by Jive Software

About Defense in Depth
With over eight years at CNET covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews with the top security researchers making the news as well as offering the hands-on, non-technical advice you'll need to stay safe online.

Subscribe to this blog
Click this link to view this blog as XML.

Add this feed to your online news reader

Defense in Depth topics

Latest blog posts from News.com

Featured blogs

Beyond Binary by Ina Fried A look at how technology is changing our lives and at the people behind all that life-changing stuff.

Coop's Corner by Charles Cooper Charles Cooper weighs in on Silicon Valley hijinks, and he doesn't suffer fools gladly.

Geek Gestalt by Daniel Terdiman At the tech culture nexus of video games, fire art, and virtual worlds.

Green Tech Fresh green tech news and commentary.

One More Thing by Tom Krazit Tom Krazit takes on the tech phenomenon that is Apple, and keeps a close watch on the chip industry.

Outside the Lines by Dan Farber When business and technology meet, that's when things get interesting.

The Iconoclast by Declan McCullagh Exploring the intersection of politics and technology.

The Social by Caroline McCarthy Exploring all facets of social media and tech culture.

Underexposed by Stephen Shankland Coverage of digital photography, science, and open-source software.

CNET.com

Welcome (log out) |View profile

Log in | Sign up Why join?

On TV.com: MILEY CYRUS photographs

Start Doing More with Windows Mobile

Copyright ©2008 CNET Networks, Inc. All rights reserved.
Privacy policy
Terms of use