Forbidden Web

Apr 04, 2008

RealPlayer Update Released
RealPlayer has released an update to address an ActiveX vulnerability. This vulnerability is due to improper handling of multiple properties of the RealPlayer ActiveX control (rmoc3260.dll). Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. At this time, US-CERT has seen reports of active exploitation of this vulnerability.

US-CERT encourages users to do the following to help mitigate the risk:

Update RealPlayer to protect against known attack vectors.
Review US-CERT Vulnerability Note VU#831457 for more information and workarounds.
Review the Securing Your Web Browser document and disable ActiveX controls.

US-CERT will provide more information as it becomes available.