Researcher discovers RealPlayer ActiveX bug

By

A security researcher said Monday he has discovered an unpatched ActiveX vulnerability in RealPlayer, the popular media player, and is working on an exploit.


The bug allows malware writers to potentially change heap blocks, which limit the amount of memory that can be stored, to overwrite certain registers, researcher Elazar Broad said today on the website for Neohapsis, a risk and security consultancy. Exploiting the flaw could result in the execution of malicious code.

RealPlayer uses an ActiveX control to play content inside a user's browser. The affected control is rmoc3260.dll version 6.0.10.45, Broad said.

In lieu of a fix, users are encouraged to set the kill bit for the control, he said.

A spokesman for RealPlayer, owned by Real Networks, did not immediately respond to a request for comment.

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments

Top US diplomat impersonated with AI by unknown actor

Top US diplomat impersonated with AI by unknown actor

UK police arrest four over cyberattacks on M&S, Co-op and Harrods

UK police arrest four over cyberattacks on M&S, Co-op and Harrods

Google Gemini for Workspace vulnerable to prompt injection attacks

Google Gemini for Workspace vulnerable to prompt injection attacks

Log In

  |  Forgot your password?