US-CERT is reporting that they are aware of another vulnerability in RealPlayer on Windows.
This vulnerability is due to improper handling of the “Console” property in the RealPlayer ActiveX control (rmoc3260.dll). Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code.
While US-CERT recommends disabling Active-X and securing your browser, which is not bad advice, I’d make the broader recommendation of uninstalling RealPlayer and encouraging web developers to stop using it to stream audio and video on their web sites.
RealPlayer has been and continues to be an awful mess of bundled and unstable software that’s often open to security vulnerabilities and has even been labeled as badware. Today when there are so many more user friendly methods for streaming audio and video using Real is completely out of touch and stupid.
[RealPlayer ActiveX Vulnerability]
[tags]video player, video players, free video, live video[/tags]
