RealPlayer vulnerable in Internet Explorer

By Robert Vamosi, CNET News.com
Wednesday, March 12, 2008 10:52 AM

Security experts are warning users to stop using the RealPlayer on Internet Explorer until a patch is released for a flaw researchers discovered which could allow code execution.

Researcher Elazar Broad has posted to the the Full Disclosure mailing list a so-called heap overflow vulnerability that makes it possible for an attacker to modify heap blocks after they are freed and overwrite certain registers.

This could allow code execution on a compromised machine. The vulnerability affects all versions of RealPlayer running under Internet Explorer.

Exploit code for this flaw has not yet been made public.

Without a patch from RealPlayer, security experts recommend disabling the killbit for the following ActiveX ClassIDs:

  • 2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93;
  • CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA.

However, disabling these killbits will also remove some functionality within the player.

To avoid the loss of functionality, security experts recommend using RealPlayer in a browser that doesn't support ActiveX, such as Mozilla Firefox (for Windows and Mac).

This article was first published as a blog on CNET News.com.


WORTHWHILE?

0

0 votes
Blog

Talkback 0 comments

There are currently no comments for this post.

Guest user

Guest user

Level: 
Joined: —
Already a member? Log in »



 

Loading...

News from Countries/Region

Tech Jobs Now!


Search for your ideal tech job:

Replicating your infrastructure in a lab

Enterprise Servers & Storage

Learn two ways to replicate your current environment for testing and evaluation of new server platforms.


Read more »



  • HPC Applications

    Ever wondered if High Performing Computing systems really matter in our day-to-day world? HPC is not just reserved for the some obscure high-end scientific studies.

    David Scott from Intel Corporation gives you a quick tour to the process of developing HPC applications and the interesting world of HPC Applications in today's industries, including the lucrative oil industry.
    Play video


  • Maximize IT Spend: Business Acceleration

    How do you ensure your IT solutions are well integrated and streamlined across your enterprise? Rajendhiran Sanggaran from Oracle explains the processes and important considerations required to enable IT to fuel your business to the next level of growth.
    Play video

Tags

  1. attack
  2. attacks
  3. by
  4. cards
  5. china
  6. cisco
  7. companies
  8. concern
  9. critical
  10. cyberattack
  11. firefox
  12. google
  13. mac
  14. malware
  15. microsoft
  16. mobile
  17. online
  18. os
  19. prompts
  20. security
  21. server
  22. site
  23. threat
  24. trojan
  25. uk
  26. vista
  27. warning
  28. warns
  29. windows
  30. xp

What's the Indian definition of privacy?

Blog thumbnail

Two days back, I was having dinner at an aunt's place. She is a leading doctor. We were discussing my school friend, who happens to be her patient.

My aunt..... by Swati Prasad

Read more »