Researcher discovers RealPlayer ActiveX bug

A security researcher said Monday he has discovered an unpatched ActiveX vulnerability in RealPlayer, the popular media player, and is working on an exploit.

The bug allows malware writers to potentially change heap blocks, which limit the amount of memory that can be stored, to overwrite certain registers, researcher Elazar Broad said today on the website for Neohapsis, a risk and security consultancy. Exploiting the flaw could result in the execution of malicious code.

RealPlayer uses an ActiveX control to play content inside a user's browser. The affected control is rmoc3260.dll version 6.0.10.45, Broad said.

In lieu of a fix, users are encouraged to set the kill bit for the control, he said.

A spokesman for RealPlayer, owned by Real Networks, did not immediately respond to a request for comment.

See original article on scmagazineus.com

Encyclopedia Britannica sues OpenAI over AI training

Optus appoints new OSS chief

Exploited Google Chrome zero-days added to US must-patch list

Coles sets up standard data streaming platform groupwide

AI-driven attacks shrinking response window for security teams, Elastic warns

Researcher discovers RealPlayer ActiveX bug

A security researcher said Monday he has discovered an unpatched ActiveX vulnerability in RealPlayer, the popular media player, and is working on an exploit.

Partner Content

Sponsored Whitepapers

Events

Most Read Articles

Poor WA gov M365 security led to $71k theft and children's data breached

US medical device maker Stryker's Microsoft environment attacked

CBA chief impersonated in global investment fraud on Facebook

Services Australia describes fraud, debt-related machine learning use cases

Most popular tech stories

Premier's Department NSW CDIO of four-and-a-half years leaves

Meta acquires AI agent social network Moltbook

ABC drops Salesforce for Braze

Craveable Brands has one eye on AI, and the other on the project failure rate

Virgin Australia, Wesfarmers strike OpenAI agreements

HamiltonJet partners with digital services provider Fortude

SentinelOne signs distribution agreement with Sektor

Rapid7’s new SIEM combines exposure management with threat detection

The techpartner.news podcast, episode 3: Why security consultancy founder Kat McCrabb started with the hard stuff

Bluechip Infotech enters final stage of Goodson Imports acquisition

'Touch-free' smartphone controlled with head movements

Blackberry celebrates "giant step forward"

Govt launches consumer tech label program for smart devices

Photos: Australian industry explores data for net zero

Telstra Purple acquires IoT specialists Alliance Automation, Aqura Technologies

Encyclopedia Britannica sues OpenAI over AI training

Optus appoints new OSS chief

Exploited Google Chrome zero-days added to US must-patch list

Coles sets up standard data streaming platform groupwide

AI-driven attacks shrinking response window for security teams, Elastic warns

Researcher discovers RealPlayer ActiveX bug

A security researcher said Monday he has discovered an unpatched ActiveX vulnerability in RealPlayer, the popular media player, and is working on an exploit.

Add iTnews as your trusted source

Partner Content

Sponsored Whitepapers

Events

Most Read Articles

Poor WA gov M365 security led to $71k theft and children's data breached

US medical device maker Stryker's Microsoft environment attacked

CBA chief impersonated in global investment fraud on Facebook

Services Australia describes fraud, debt-related machine learning use cases

Most popular tech stories

Premier's Department NSW CDIO of four-and-a-half years leaves

Meta acquires AI agent social network Moltbook

ABC drops Salesforce for Braze

Craveable Brands has one eye on AI, and the other on the project failure rate

Virgin Australia, Wesfarmers strike OpenAI agreements

HamiltonJet partners with digital services provider Fortude

SentinelOne signs distribution agreement with Sektor

Rapid7’s new SIEM combines exposure management with threat detection

The techpartner.news podcast, episode 3: Why security consultancy founder Kat McCrabb started with the hard stuff

Bluechip Infotech enters final stage of Goodson Imports acquisition

'Touch-free' smartphone controlled with head movements

Blackberry celebrates "giant step forward"

Govt launches consumer tech label program for smart devices

Photos: Australian industry explores data for net zero

Telstra Purple acquires IoT specialists Alliance Automation, Aqura Technologies

Log In