Monday, June 26, 2017
  Our sponsors   
  Users currently online   
Membership Membership:
Latest New User Latest: jorgea
New Today New Today: 0
New Yesterday New Yesterday: 0
User Count Overall: 39

People Online People Online:
Visitors Visitors: 18
Members Members: 0
Total Total: 18

Online Now Online Now:
Click here to visit OS-Cubed, Inc.
Viruswarn banner

Welcome to the Viruswarning forums.  All your original content has been ported to the new forums as  well as new content and additional opportunities to interact with the authors of  You can always access old content at .  You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....

But at least it's all here.


  Viruswarn Forums
Subject: Critical RealPlayer Update Available

You are not authorized to post a reply.   
Author Messages
David Gray

10/22/2007 2:52 PM  

What Is It?

A remote code execution vulnerability has been discovered in an ActiveX control that is part of RealOne Player, RealOne Player v2, and RealPlayer 10.x. This type of vulnerability could allow an unknown attacker to take over your computer, by enticing you to open an infected media file in the affected player. However, Ryan Naraine's Zero Day, on ZDNet, characterizes the active attack as a "drive by malware installation." In other words, a Web advertisement opens in your browser, and code is silently installed from an IFrame hidden in the body of the advertisement.

You could be attacked, and not know it, until weeks later, when the malicious code has already done its dirty deed, and maybe even removed itself.

What Should You Do?

Depending on which Real product you use, you should take the following steps as soon as possible, certainly before you use the player again.


  1. Although the RealNetworks blog instructs users to upgrade to version 10.5, the only upgrade that seems to be available directly from Real is the 11 (beta) version. However, since this is a public beta, it's probably pretty solid.
  2. The basic player download is the little text link in the upper right corner of the page.
  3. Although the PC World article implies that you are safe if you use an alternative Web browser, such as Mozilla Firefox, because of the way Microsoft Windows works, I wouldn't count on it. Even if you designate another program as your default Web browser, applications can, and often do, invoke the WebBrowser ActiveX control, which is, for all practical purposes, Internet Explorer.

Because the flaw is being exploited by hiding the exploit code in an IFrame inside a Web advertisement, it is extremely difficult for casual users to detect.


David Gray, MBA, Chief Wizard
WizardWrx, formerly P6 Consulting
WizardWrx Logo V: +1 (817) 812-3041
TZ: USA Central, GMT -5
5006 Cloyce Court
North Richland Hills, TX 76180-6944
20 Years of Experience & Independence - 1985-2005
Tell me what you need, and I’ll conjure it.
You are not authorized to post a reply.
Forums > Viruswarning Forum > Viruswarning archive > Critical RealPlayer Update Available

ActiveForums 3.6
  Register or Login

Forgot Password ?
Copyright 2006 by OS-Cubed, Inc.   Terms Of Use  Privacy Statement