RealPlayer flaw: Stop using Internet Explorer

Security experts are warning RealPlayer users to stop using Internet Explorer until a patch is released for a flaw researchers discovered which could allow code execution.

Researcher Elazar Broad has posted to the Full Disclosure mailing list a so-called heap overflow vulnerability that makes it possible for an attacker to modify heap blocks after they are freed and overwrite certain registers.

This could allow code execution on a compromised machine. The vulnerability affects all versions of RealPlayer running under Internet Explorer.

Exploit code for this flaw has not yet been made public.

Without a patch from RealPlayer, security experts recommend disabling the killbit for the following ActiveX ClassIDs:

  • 2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93
  • CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA

    However, disabling these killbits will also remove some functionality within the player.

    To avoid the loss of functionality, security experts recommend using RealPlayer in a browser that doesn't support ActiveX, such as Mozilla Firefox (for Windows and Mac).

    • Advertisement

    Print feature brought to you by Adobe

    Talkback 2 comments

      Who uses Realplayer anymore... If you haven't yet, stop using it... sandy -- 14/03/08

      Who uses Realplayer anymore... If you haven't yet, stop using it...

      It's not that easy Marty Hamilton -- 17/03/08 (in reply to #320097314)

      It's not that easy to stop using it. Some sites that offer streaming - most notably the ABC :\ - rely heavily on the format. Of course, there's RealPlayer Alternative, but how are the majority of people going to find out about that....

    Add your opinion

    Latest Videos

    Sponsored content

    Power Centre - Content from our premier sponsors

    Blogs

    • Suzanne Tindal IT: Govt's cost-cutting bitch
      The government needs to stop looking at IT as a necessary evil or the place to remove costs when the Treasurer comes calling.
    • Array Can complaints on mobile content be cut?
      On 1 July this year the new Mobile Premium Services Code was introduced. It sounds like it's had a good impact, but is it enough?
    • Array NZ farmers: Bleating about broadband
      As we know, farmers are such bleaters. They bleat as much as the four-legged woolly things in their paddocks. If it's not the weather, it's the strength of the dollar! Nothing is ever right. Likewise with rural broadband.
    • More blogs »

    Tags

    1. 489 articles are tagged with 3g
    2. 41 articles are tagged with afact
    3. 83 articles are tagged with asic
    4. 141 articles are tagged with ato
    5. 1306 articles are tagged with broadband
    6. 14 articles are tagged with cenitex
    7. 670 articles are tagged with cio
    8. 253 articles are tagged with conroy
    9. 132 articles are tagged with contract
    10. 47 articles are tagged with david thodey
    11. 514 articles are tagged with dell
    12. 155 articles are tagged with exchange
    13. 152 articles are tagged with firewall
    14. 129 articles are tagged with fujitsu
    15. 53 articles are tagged with gnome
    16. 1033 articles are tagged with government
    17. 21 articles are tagged with hfc
    18. 790 articles are tagged with hp
    19. 1304 articles are tagged with ibm
    20. 222 articles are tagged with iinet
    21. 289 articles are tagged with isp
    22. 7 articles are tagged with jodee rich
    23. 13 articles are tagged with longhaus
    24. 35 articles are tagged with michael malone
    25. 1481 articles are tagged with microsoft
    26. 35 articles are tagged with mike quigley
    27. 51 articles are tagged with minchin
    28. 1127 articles are tagged with mobile
    29. 218 articles are tagged with national broadband network
    30. 395 articles are tagged with nbn
    31. 201 articles are tagged with new zealand
    32. 195 articles are tagged with nsw
    33. 61 articles are tagged with one.tel
    34. 929 articles are tagged with open source
    35. 884 articles are tagged with optus
    36. 20 articles are tagged with pipe networks
    37. 171 articles are tagged with queensland
    38. 2650 articles are tagged with security
    39. 53 articles are tagged with senate
    40. 69 articles are tagged with separation
    41. 9 articles are tagged with sp telemedia
    42. 176 articles are tagged with sydney
    43. 232 articles are tagged with telco
    44. 61 articles are tagged with telecom nz
    45. 2440 articles are tagged with telstra
    46. 138 articles are tagged with tender
    47. 25 articles are tagged with thodey
    48. 31 articles are tagged with tpg
    49. 176 articles are tagged with victoria
    50. 79 articles are tagged with wholesale

    Back to top

    Featured