Security vulnerability in RealPlayer ActiveX

Security researcher Elazar Broad has discovered a vulnerability in an ActiveX control in RealPlayer, which at least crashes the user's browser and may also allow execution of injected malicious code. For this to occur, users must visit crafted web pages in Internet Explorer.

The bug in the rmoc3260.dll ActiveX component apparently allows attackers to overwrite memory blocks on the heap after they have been freed, and to modify certain registers. According to the advisory, Broad is currently working on a demo.

The bug affects version 6.0.10.45 of rmoc3260.dll. According to Broad, Real has not yet released an update to fix the vulnerability. He therefore recommends deactivating the control by setting the kill bit for the ClassIDs {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} and {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}. Microsoft has a knowledge base article which explains how to set a kill bit.

See also:

• Real Networks RealPlayer ActiveX Control Heap Corruption, security advisory from Elazar Broad

(mba)