- home
- reviews
- news
- downloads
- cnet tv
On TechRepublic: Windows 7: Slower to boot than Vista?
- log in
- join CNET
- welcome,
- my profile
- log out

CNET.com

March 11, 2008 9:58 AM PDT

RealPlayer vulnerable in Internet Explorer

by Robert Vamosi

If you use the RealPlayer on Internet Explorer, watch out. Researcher Elazar Broad has posted to the Full Disclosure mailing list a so-called heap overflow vulnerability that makes it possible for an attacker to modify heap blocks after they are freed and overwrite certain registers. This could allow code execution on a compromised machine. The vulnerability affects all versions of RealPlayer running under Internet Explorer.

Exploit code for this flaw has not yet been made public.

Without a patch from RealPlayer, security experts recommend disabling the killbit for the following ActiveX ClassIDs:

2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93
CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA

Please note that disabling the killbits above will also remove some functionality within the player.

To avoid the loss of functionality, security experts recommend using RealPlayer in a browser that doesn't support ActiveX, such as Mozilla Firefox (for Windows and Mac).

Originally posted at Defense in Depth

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.

Topics:: Security,; Music

Tags:: security,; Real,; RealPlayer,; Elazar Broad,; ActiveX,; Internet Explorer,; Firefox

Share:: Digg; Del.icio.us; Reddit; Facebook; CNET HOLIDAY TECH GUIDE

Recent posts from Crave: Beamer, the iPhone case for night owls; This week in Crave: Day of the Droid edition; Verizon's LG Chocolate Touch is nice but nothing new; Popular iPhone movie app flops on BlackBerry; Top 5 most popular products for November; Ridiculous new Peeks inspired by TwitterPeek; Hands-on with the Nokia Booklet 3G; Battle of the international power plugs

Click Here

About Crave

The name says it all. Crave is our blog about gorgeous gadgets and other crushworthy stuff. If you would like to contact Crave with a tip or comment, please write to: crave@cnet.com

Add this feed to your online news reader

Crave topics

Camcorders (323)
Cameras (1298)
Cars (1695)
Desktops (1044)
Entertainment (1764)
Fashion (833)
Future tech (583)
GPS (343)
Gadget news (2917)
Games and gear (2255)
Green tech (723)
Home (1349)
Home video (963)
Laptops (1943)
Lifestyle (1479)
Luxury (637)

Military tech (218)
Music (3349)
Netbooks (196)
PDAs (1026)
Peripherals (1718)
Phones (4304)
Retro (361)
Robots (416)
Science (499)
Security (359)
Smartphones (628)
Televisions (795)
Toys (666)
Weekly Vodcast (77)
Workplace (320)

Most Popular

FAQ: Buying the right Windows 7 upgrade

Readers still have lots of questions on just which version of the software they need to buy in order to upgrade their PC. CNET News tries to offer some answers.

N.Y. lawsuit details Intel's 'largesse' toward Dell

Attorney General Andrew Cuomo's federal antitrust case filed Wednesday alleges a longstanding symbiotic relationship between Intel and Dell.

News: News site map; Latest headlines; Contact News; News staff; Corrections; CNET blogs

Popular topics: Apple iPhone; Apple iPod; Cell phones; Dell; GPS; LCD TV

CNET sites: CNET Site map; CNET TV; Downloads; News; Reviews; Shopper.com

More information: Newsletters; CNET Mobile; Customer Help Center; RSS; CNET Widgets; About CNET

©2009 CBS Interactive Inc. All rights reserved.
Privacy policy
Terms of use
Visit other CBS Interactive sites:

#networkSites {display:none;}BNET | CHOW | CNET.com | CNET Channel | GameSpot | International Media | mySimon | Search.com | TechRepublic | TV.com | ZDNet