RealPlayer flaw: Stop using Internet Explorer

By Robert Vamosi, CNET News.com

12 March 2008 09:52 AM

Tags: realplayer, internet explorer, full disclosure, active x, heap overflow, security experts, flaw

Security experts are warning RealPlayer users to stop using Internet Explorer until a patch is released for a flaw researchers discovered which could allow code execution.

Researcher Elazar Broad has posted to the Full Disclosure mailing list a so-called heap overflow vulnerability that makes it possible for an attacker to modify heap blocks after they are freed and overwrite certain registers.

This could allow code execution on a compromised machine. The vulnerability affects all versions of RealPlayer running under Internet Explorer.

Exploit code for this flaw has not yet been made public.

Without a patch from RealPlayer, security experts recommend disabling the killbit for the following ActiveX ClassIDs:

2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93

CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA

However, disabling these killbits will also remove some functionality within the player.

To avoid the loss of functionality, security experts recommend using RealPlayer in a browser that doesn't support ActiveX, such as Mozilla Firefox (for Windows and Mac).

Talkback (2)
Print
E-mail
Share
- del.icio.us
- Digg
- Reddit
- Slashdot
- StumbleUpon

Talkback 2 comments

Add your opinion

Who uses Realplayer anymore... If you haven't yet, stop using it... sandy -- 14/03/08

Who uses Realplayer anymore... If you haven't yet, stop using it...

It's not that easy Marty Hamilton -- 17/03/08 (in reply to #320097314)

It's not that easy to stop using it. Some sites that offer streaming - most notably the ABC :\ - rely heavily on the format. Of course, there's RealPlayer Alternative, but how are the majority of people going to find out about that....

Add your opinion

Latest Videos

Play now

AFACT 'disappointed' with iiTrial outcome
Executive director of the Australian Federation Against Copyright Theft, Neil Gane, spoke in front of the Fede… Watch it now
Play now

IIA on iiTrial judgement
Internet Industry Association CEO Peter Coroneos spoke in a doorstop in front of the Federal Court about what … Watch it now
Play now

iiNet's victorious Michael Malone
Fresh from victory, iiNet CEO Michael Malone spoke in a doorstop in front of the Federal Court about the win a… Watch it now
More videos »

Blogs

Telecom NZ savings damage prospects
If Telecom NZ wants to have any of the NZ$1.5 billion the government intends to spend on its new broadband network, it had better think long and hard before offshoring 1500 jobs.
iiNet: The whys and what nows
Last week the Federal Court ruled that internet service providers are not responsible for copyright violation by their customers. This is an important decision not just for iiNet, which spent around $4 million defending the case, but for all ISPs in Australia and, indeed, globally.
Govt, hurry up with releasing data
A programmer scraped data from the My School website to make some really cool heat maps showing regions of smart schools — no thanks to the government, which didn't supply the data in any useful kind of format.
More blogs »

NetIQ
Active Directory Management

Complimentary Whitepaper Download:

AD Management Survey: Reveals Security as Key Challenge

More resources to Manage, Secure & Automate your
Active Directory »

Brought to you by:

Reader Services

Essentials

Broadband Plan Finder
Not sure which broadband plan to choose? Try our Broadband Plan Finder.
Mobile Phone Plan Finder
Pick the best mobile phone plan deal with our Mobile Phone Plan Finder.
Broadband speedtest
How fast is your Internet connection? Calculate the speed here.

RealPlayer flaw: Stop using Internet Explorer

By Robert Vamosi, CNET News.com

12 March 2008 09:52 AM

Tags: realplayer, internet explorer, full disclosure, active x, heap overflow, security experts, flaw

Talkback 2 comments

Who uses Realplayer anymore... If you haven't yet, stop using it... sandy -- 14/03/08

It's not that easy Marty Hamilton -- 17/03/08 (in reply to #320097314)

Just In

Most Popular

Most Discussed

Latest Videos

Blogs

Tags

NetIQ
Active Directory Management

Reader Services

Popular Topics

Essentials

Sponsored Links

Featured

Services

Around the Network

Around ZDNet Australia

News > Software

RealPlayer flaw: Stop using Internet Explorer

By Robert Vamosi, CNET News.com

12 March 2008 09:52 AM

Tags: realplayer, internet explorer, full disclosure, active x, heap overflow, security experts, flaw

Related stories

Alerts

Talkback 2 comments

Who uses Realplayer anymore... If you haven't yet, stop using it... sandy -- 14/03/08

It's not that easy Marty Hamilton -- 17/03/08 (in reply to #320097314)

Just In

Most Popular

Most Discussed

Latest Videos

Blogs

Tags

NetIQ Active Directory Management

Reader Services

Popular Topics

Essentials

Sponsored Links

Featured

Services

Around the Network

Around ZDNet Australia

NetIQ
Active Directory Management