RealPlayer flaw: Stop using Internet Explorer

Robert Vamosi, CNET News.com

12 March 2008 09:52 AM

Tags: realplayer, internet explorer, full disclosure, active x, heap overflow, security experts, flaw

Security experts are warning RealPlayer users to stop using Internet Explorer until a patch is released for a flaw researchers discovered which could allow code execution.

Researcher Elazar Broad has posted to the Full Disclosure mailing list a so-called heap overflow vulnerability that makes it possible for an attacker to modify heap blocks after they are freed and overwrite certain registers.

This could allow code execution on a compromised machine. The vulnerability affects all versions of RealPlayer running under Internet Explorer.

Exploit code for this flaw has not yet been made public.

Without a patch from RealPlayer, security experts recommend disabling the killbit for the following ActiveX ClassIDs:

2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93

CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA

However, disabling these killbits will also remove some functionality within the player.

To avoid the loss of functionality, security experts recommend using RealPlayer in a browser that doesn't support ActiveX, such as Mozilla Firefox (for Windows and Mac).

Talkback (2)
Print
E-mail
Share
- del.icio.us
- Digg
- Reddit
- Slashdot
- StumbleUpon

Talkback 2 comments

Add your opinion

Who uses Realplayer anymore... If you haven't yet, stop using it...sandy -- 14/03/08

Who uses Realplayer anymore... If you haven't yet, stop using it...

It's not that easyMarty Hamilton -- 17/03/08 (in reply to #320097314)

It's not that easy to stop using it. Some sites that offer streaming - most notably the ABC :\ - rely heavily on the format. Of course, there's RealPlayer Alternative, but how are the majority of people going to find out about that....

Add your opinion

Latest Videos

Play now

Snow Leopard in the wild
It's a hands-on preview of Snow Leopard with a few goodies Apple hasn't shown off; iPhone 3GS' are now availab… Watch it now
Play now

Guy Kawasaki: What makes innovation?
At Cisco Live in San Francisco, Silicon Valley entreprenuer Guy Kawasaki, author of Reality Check, talks about… Watch it now
Play now

How the iPhone 3GS is faring
With earnings season looming, ZDNet correspondent Sumi Das and senior editor Sam Diaz look ahead at July and d… Watch it now
More videos »

Blogs

TelstraUnClear
Telstra's New Zealand arm TelstraClear is one strange company ...
E-health too unsexy for COAG
There will always be something more politically sexy than e-health for state governments, meaning the National E-Health Transition Authority's business case for a national electronic medical record might just sit on the shelf gathering dust forever.
Will Rudd's bush backhaul bonanza deliver?
Rural areas will be welcoming the government's decision to put its money where its politicising is, funnelling $250m into a regional fibre upgrade to six rural centres. Remedying over a decade of near-neglect at the hands of telecoms privatisation, the investment could be the firmest step yet for Labor's NBN dream — but with inevitable political questions and a looming election, Rudd and Conroy need to deliver, and quickly, to preserve the NBN's credibility.
More blogs »

Reader Services

Essentials

iPhone Centre
We bring you everything you need to know about Apple's latest iPhone including the latest news, photos and videos.
The Best Firewall is...
Read about unifited threat management under the microscope.
Server Popular Topic
Read the latest server news, case studies and product reviews here
Broadband Plan Finder
Not sure which broadband plan to choose? Try our Broadband Plan Finder.
Mobile Phone Plan Finder
Pick the best mobile phone plan deal with our Mobile Phone Plan Finder.

RealPlayer flaw: Stop using Internet Explorer

Robert Vamosi, CNET News.com

12 March 2008 09:52 AM

Tags: realplayer, internet explorer, full disclosure, active x, heap overflow, security experts, flaw

Talkback 2 comments

Who uses Realplayer anymore... If you haven't yet, stop using it...sandy -- 14/03/08

It's not that easyMarty Hamilton -- 17/03/08 (in reply to #320097314)

Just In

Most Popular

Most Discussed

Latest Videos

Blogs

Tags

Reader Services

Popular Topics

Essentials

Sponsored Links

Featured

Services

Around the Network

Around ZDNet Australia

News > Software

RealPlayer flaw: Stop using Internet Explorer

Robert Vamosi, CNET News.com

12 March 2008 09:52 AM

Tags: realplayer, internet explorer, full disclosure, active x, heap overflow, security experts, flaw

Related stories

Alerts

Talkback 2 comments

Who uses Realplayer anymore... If you haven't yet, stop using it...sandy -- 14/03/08

It's not that easyMarty Hamilton -- 17/03/08 (in reply to #320097314)

Just In

Most Popular

Most Discussed

Latest Videos

Blogs

Tags

Reader Services

Popular Topics

Essentials

Sponsored Links

Featured

Services

Around the Network

Around ZDNet Australia