RealPlayer flaw: Stop using Internet Explorer

Security experts are warning RealPlayer users to stop using Internet Explorer until a patch is released for a flaw researchers discovered which could allow code execution.

Researcher Elazar Broad has posted to the Full Disclosure mailing list a so-called heap overflow vulnerability that makes it possible for an attacker to modify heap blocks after they are freed and overwrite certain registers.

This could allow code execution on a compromised machine. The vulnerability affects all versions of RealPlayer running under Internet Explorer.

Exploit code for this flaw has not yet been made public.

Without a patch from RealPlayer, security experts recommend disabling the killbit for the following ActiveX ClassIDs:

  • 2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93
  • CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA

    However, disabling these killbits will also remove some functionality within the player.

    To avoid the loss of functionality, security experts recommend using RealPlayer in a browser that doesn't support ActiveX, such as Mozilla Firefox (for Windows and Mac).

    • Advertisement

    Print feature brought to you by Adobe

    Talkback 2 comments

      Who uses Realplayer anymore... If you haven't yet, stop using it... sandy -- 14/03/08

      Who uses Realplayer anymore... If you haven't yet, stop using it...

      It's not that easy Marty Hamilton -- 17/03/08 (in reply to #320097314)

      It's not that easy to stop using it. Some sites that offer streaming - most notably the ABC :\ - rely heavily on the format. Of course, there's RealPlayer Alternative, but how are the majority of people going to find out about that....

    Add your opinion

    Latest Videos

    Sponsored content

    Power Centre - Content from our premier sponsors

    Blogs

    • David Braue Can not-so-smart meters help the NBN?
      It was interesting to witness Conroy's recent enthusiasm to spruik the NBN's role in supporting the Smart Grid, Smart City initiative. What a pity that Conroy hadn't yet seen the damning report from the Victorian auditor-general about that state's smart-meter roll-out.
    • Array Can the Telco Reform Act be win-win?
      In the second of our two programs looking at the Senate Inquiry into the Telecommunications Legislation Amendment Bill, we hear from shareholders, bureaucrats and industry groups.
    • Array Has New Zealand's smiling assassin delivered?
      One year into its tenure, how has the new New Zealand Government performed on issues of technology and telecommunications?
    • More blogs »

    Tags

    1. 488 articles are tagged with 3g
    2. 57 articles are tagged with accenture
    3. 237 articles are tagged with acquisition
    4. 40 articles are tagged with afact
    5. 140 articles are tagged with ato
    6. 1303 articles are tagged with broadband
    7. 60 articles are tagged with cepu
    8. 666 articles are tagged with cio
    9. 251 articles are tagged with conroy
    10. 132 articles are tagged with contract
    11. 45 articles are tagged with david thodey
    12. 514 articles are tagged with dell
    13. 152 articles are tagged with firewall
    14. 129 articles are tagged with fujitsu
    15. 1030 articles are tagged with government
    16. 789 articles are tagged with hp
    17. 1304 articles are tagged with ibm
    18. 221 articles are tagged with iinet
    19. 350 articles are tagged with iphone
    20. 288 articles are tagged with isp
    21. 116 articles are tagged with legislation
    22. 13 articles are tagged with longhaus
    23. 35 articles are tagged with michael malone
    24. 1475 articles are tagged with microsoft
    25. 33 articles are tagged with mike quigley
    26. 50 articles are tagged with minchin
    27. 1125 articles are tagged with mobile
    28. 210 articles are tagged with national broadband network
    29. 386 articles are tagged with nbn
    30. 198 articles are tagged with new zealand
    31. 27 articles are tagged with nick minchin
    32. 929 articles are tagged with open source
    33. 880 articles are tagged with optus
    34. 2650 articles are tagged with security
    35. 53 articles are tagged with senate
    36. 68 articles are tagged with separation
    37. 1292 articles are tagged with software
    38. 9 articles are tagged with sp telemedia
    39. 178 articles are tagged with stephen conroy
    40. 57 articles are tagged with strike
    41. 174 articles are tagged with sydney
    42. 60 articles are tagged with telecom nz
    43. 2431 articles are tagged with telstra
    44. 137 articles are tagged with tender
    45. 31 articles are tagged with tpg
    46. 49 articles are tagged with twitter
    47. 110 articles are tagged with union
    48. 174 articles are tagged with victoria
    49. 201 articles are tagged with video
    50. 88 articles are tagged with windows 7

    Back to top

    Featured