RealPlayer: More ActiveX security headaches

RealPlayer has a another ActiveX vulnerability that leaves Windows users on IE at risk.Elazar Broad, who frequently flags ActiveX problems, issued an alert Sunday on message board lists.

RealPlayer has a another ActiveX vulnerability that leaves Windows users on IE at risk.

Elazar Broad, who frequently flags ActiveX problems, issued an alert Sunday on message board lists. Broad is currently working on an exploit for it.

Here's the message:

Hash: SHA1

Who: Real Networks http://www.real.com

What: Real Networks Real Player is a popular media player.

How: Real Player utilizes an ActiveX control to play content within the users browser.

rmoc3260.dll version 6.0.10.45 {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}

It is possible to modify heap blocks after they are freed and overwrite certain registers, possibly allowing code execution. Like so:

- ------------ var buf = ''; while (buf.length < 1005) buf = buf + 'A';

m = obj.Console; obj.Console = buf; obj.Console = m

//repeat m = obj.Console; obj.Console = buf; obj.Console = m --> Should crash here - -------------

Workaround: Set the killbit for this control. See http://support.microsoft.com/kb/240797

Fix: No official fix known

Exploit: Working on it

Elazar

As noted by Ryan Naraine, Broad is a bit of an ActiveX vulnerability hunter. Broad has also discovered ActiveX security problems with MySpace and Facebook. Why do folks keep ActiveX active?

SANS said the following:

Those using ActiveX capable browsers (read: MSIE) are vulnerable to attack, with no patch on the horizon yet.

Workarounds:

* Set killbits for: rmoc3260.dll version 6.0.10.45 {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} But this will also remove the genuine functionality of the player. * Use a browser that doesn't support ActiveX (there's plenty of those).

More info on disabling ActiveX on IE can be found on Microsoft's site.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All