If successfully exploited, the vulnerability would enable hackers to to compromise a user’s system, security firm Secunia warns.
The trouble stems from an error within the RealPlayer ActiveX Control (rmoc3260.dll). As the handling the "Console" property is not done properly, malicious people can exploit it and cause a memory corruption and execute arbitrary code when a user e.g. is tricked into visiting a malicious website.
At present time the only confirmed version to be affected is RealPlayer version 11.0.1 (build 184.108.40.2064), with rmoc3260.dll version 220.127.116.11. However, it was stressed out that other version aren’t in the clear yet and the list might include them as well.
Up till now, the only solution available is to set the kill-bit for the affected ActiveX control.