RealPlayer flaw: Stop using Internet Explorer

Security experts are warning RealPlayer users to stop using Internet Explorer until a patch is released for a flaw researchers discovered which could allow code execution. Researcher Elazar Broad has posted to the Full Disclosure mailing list a so-called heap overflow vulnerability that makes it possible for an attacker to modify heap blocks after they are freed and overwrite certain registers.

This could allow code execution on a compromised machine. The vulnerability affects all versions of RealPlayer running under Internet Explorer. Exploit code for this flaw has not yet been made public.

Without a patch from RealPlayer, security experts recommend disabling the killbit for the following ActiveX ClassIDs:

  1. 2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93
  2. CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA

However, disabling these killbits will also remove some functionality within the player.

To avoid the loss of functionality, security experts recommend using RealPlayer in a browser that doesn"t support ActiveX, such as Mozilla Firefox (for Windows and Mac).

News Source: ZDNet Australia

Report a problem with article
Next Article

Two years after patch, a new IE5/6 FTP flaw

Previous Article

Microsoft says no Blu-ray for Xbox 360