Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
Latest Comments
"Excellent info. If you use Gumtree Australia you will see many obvious scam posts in all ..."
on Scammers target online car buyers, warns ACCC
by Marian Imrie | Dec 5, 2008 4:45 PM
 
"Very nice and useful information. UT4B4. Tape4backup.com"
on Weighing the options for securing back-up data
by Lto-4 Tape | Dec 4, 2008 9:23 PM
 
"Interesting that you do not bother to list the one AV that has consistently passed the VB100. ..."
on Latest VB100 malware test brings good news
by Ben | Dec 4, 2008 6:00 PM
 
"I like this"
on AVG update deletes critical Windows file
by nanwin | Dec 3, 2008 3:05 PM
 
"Concerned man's comments seem to intimate that if I'm using agents all will be well but the ..."
on Shavlik Technologies to broaden its patch management offerings
by Werner K | Nov 26, 2008 8:36 PM
Application Flaws

Researcher discovers RealPlayer ActiveX bug

  • Email a Friend
  • Print Page
Related Articles
By Dan Kaplan
Mar 11, 2008 9:57 AM
Tags: "realplayer | activex | bux" | "activex" | "realplayer | security" | "activex | bus"
The bug allows malware writers to potentially change heap blocks, which limit the amount of memory that can be stored, to overwrite certain registers, researcher Elazar Broad said today on the website for Neohapsis, a risk and security consultancy. Exploiting the flaw could result in the execution of malicious code.

RealPlayer uses an ActiveX control to play content inside a user's browser. The affected control is rmoc3260.dll version 6.0.10.45, Broad said.

In lieu of a fix, users are encouraged to set the kill bit for the control, he said.

A spokesman for RealPlayer, owned by Real Networks, did not immediately respond to a request for comment.

See original article on scmagazineus.com

Secure Computing Magazine

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
Tripwire - Click here to win an iTouch
 
 
Vulnerabilities & Exploits Whitepapers
 
Popular Tags
blink digital eeye firms framework free information major malware mashup microsoft pdf policy professional report security secuware updates vendors vulnerability