RealPlayer ActiveX Flaw Discovered
RealPlayer users might take a look at this one: a vulnerability has been discovered within the media player, paving the way to drive-by-download attacks.
March 14, 2008
If successfully exploited, the vulnerability would enable hackers to to compromise a user's system, security firm Secunia warns.
The trouble stems from an error within the RealPlayer ActiveX Control (rmoc3260.dll). As the handling the "Console" property is not done properly, malicious people can exploit it and cause a memory corruption and execute arbitrary code when a user e.g. is tricked into visiting a malicious website.
At present time the only confirmed version to be affected is RealPlayer version 11.0.1 (build 184.108.40.2064), with rmoc3260.dll version 220.127.116.11. However, it was stressed out that other version aren't in the clear yet and the list might include them as well.
Up till now, the only solution available is to set the kill-bit for the affected ActiveX control.