RealPlayer flaw: Stop using Internet Explorer

12 March 2008 09:52 AM

Tags: realplayer, internet explorer, full disclosure, active x, heap overflow, security experts, flaw

Security experts are warning RealPlayer users to stop using Internet Explorer until a patch is released for a flaw researchers discovered which could allow code execution.

Researcher Elazar Broad has posted to the Full Disclosure mailing list a so-called heap overflow vulnerability that makes it possible for an attacker to modify heap blocks after they are freed and overwrite certain registers.

This could allow code execution on a compromised machine. The vulnerability affects all versions of RealPlayer running under Internet Explorer.

Exploit code for this flaw has not yet been made public.

Without a patch from RealPlayer, security experts recommend disabling the killbit for the following ActiveX ClassIDs:

2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93

CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA

However, disabling these killbits will also remove some functionality within the player.

To avoid the loss of functionality, security experts recommend using RealPlayer in a browser that doesn't support ActiveX, such as Mozilla Firefox (for Windows and Mac).

Talkback (2)
Print
E-mail
Share
- del.icio.us
- Digg
- Reddit
- Slashdot
- StumbleUpon

Talkback 2 comments

Add your opinion

Who uses Realplayer anymore... If you haven't yet, stop using it... sandy -- 14/03/08

Who uses Realplayer anymore... If you haven't yet, stop using it...
1. It's not that easy Marty Hamilton -- 17/03/08
  
  It's not that easy to stop using it. Some sites that offer streaming - most notably the ABC :\ - rely heavily on the format. Of course, there's RealPlayer Alternative, but how are the majority of people going to find out about that....
  - Reply to comment
  - Report offensive content

Add your opinion

Latest Videos

Play now

Five things to consider when choosing a Linux distribution
Choosing a Linux distribution shouldn't come down to which desktop has your favorite color scheme. Linux distr… Watch it now
The Buzz Report: Thanks for all the laughs
Sharing knowledge in the IT world
Dragonflies eat bugs
More videos »

Blogs

Hullabaloo about OLED
It's been a long time coming, but it seems that OLED displays are finally beginning to creep onto the market.
Dear Telstra: pack up your toys, go home
Rejecting Telstra's proposal, after all, is the only conclusion Conroy can reach: as someone whose entire philosophy is built around transparency and process, he simply cannot keep Telstra as part of the NBN bidding process anymore.
Gutless studios have the wrong target
I have one word for the Australian Federation Against Copyright Theft (AFACT). Gutless.
More blogs »

Hot Spot - What's Important

Footy Club switches to Single Business Communications Solution

Connect growing business demands using Next Dimension Working™

Click here to find out more about Telstra's single solution vendor capabilities

Find out how to combine network connectivity with mobile broadband and IP telephony

Reader Services

Essentials

Printer Superguide
Looking to buy a printer? Our superguide rates the latest printers and shines a light into the industry.
Broadband speedtest
How fast is your Internet connection? Calculate the speed here.
'At the Whiteboard' Video Series
Click here to learn more about Microsoft Windows Server 2008 and Hyper-V technology.
Frost and Sullivan Awards 2008
Congratulations to all the winners from ZDNet Australia

CXO Unplugged

Video 3: Moving IT from servers to service with Virtualisation

RealPlayer flaw: Stop using Internet Explorer

Talkback 2 comments

Who uses Realplayer anymore... If you haven't yet, stop using it... sandy -- 14/03/08