|
|
To print: Select File and then Print from your browser's menu
-------------------------------------------------------------- This story was printed from ZDNet Australia. --------------------------------------------------------------
|
RealPlayer flaw: Stop using Internet Explorer By Robert Vamosi, CNET News.com March 12, 2008 URL: http://www.zdnet.com.au/news/security/soa/RealPlayer-flaw-Stop-using-Internet-Explorer/0,130061744,339286701,00.htm
Security experts are warning RealPlayer users to stop using Internet Explorer until a patch is released for a flaw researchers discovered which could allow code execution. Researcher Elazar Broad has posted to the Full Disclosure mailing list a so-called heap overflow vulnerability that makes it possible for an attacker to modify heap blocks after they are freed and overwrite certain registers. This could allow code execution on a compromised machine. The vulnerability affects all versions of RealPlayer running under Internet Explorer. Exploit code for this flaw has not yet been made public. Without a patch from RealPlayer, security experts recommend disabling the killbit for the following ActiveX ClassIDs: However, disabling these killbits will also remove some functionality within the player. To avoid the loss of functionality, security experts recommend using RealPlayer in a browser that doesn't support ActiveX, such as Mozilla Firefox (for Windows and Mac).
Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved. |
