Newly found Vulnerabilities03/11/08:

 

RealPlayer ActiveX Vulnerability

 

We are aware of reports of a vulnerability in RealPlayer. This vulnerability is due to improper handling of the "Console" property in the RealPlayer ActiveX control (rmoc3260.dll). Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code.

We encourage users to do the following to help mitigate the risk:

      Review US-CERT Vulnerability Note VU#831457.

      Review Microsoft Support Document 240797 and set kill bits for the following CLSIDs:

        {0FDF6D6B-D672-463B-846E-C6FF49109662}  {224E833B-2CC6-42D9-AE39-90B6A38A4FA2} {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}
        {3B46067C-FD87-49B6-8DDD-12F0D687035F} {3B5E0503-DE28-4BE8-919C-76E0E894A3C2}   {44CCBCEB-BA7E-4C99-A078-9F683832D493}
        {A1A41E11-91DB-4461-95CD-0C02327FD934} {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}

 

Home

Comments