RealPlayer: More ActiveX security headaches

Summary:RealPlayer has a another ActiveX vulnerability that leaves Windows users on IE at risk.Elazar Broad, who frequently flags ActiveX problems, issued an alert Sunday on message board lists.

RealPlayer has a another ActiveX vulnerability that leaves Windows users on IE at risk.

Elazar Broad, who frequently flags ActiveX problems, issued an alert Sunday on message board lists. Broad is currently working on an exploit for it.

Here's the message:

Hash: SHA1

Who: Real Networks http://www.real.com

What: Real Networks Real Player is a popular media player.

How: Real Player utilizes an ActiveX control to play content within the users browser.

rmoc3260.dll version 6.0.10.45 {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}

It is possible to modify heap blocks after they are freed and overwrite certain registers, possibly allowing code execution. Like so:

- ------------ var buf = ''; while (buf.length < 1005) buf = buf + 'A';

m = obj.Console; obj.Console = buf; obj.Console = m

//repeat m = obj.Console; obj.Console = buf; obj.Console = m --> Should crash here - -------------

Workaround: Set the killbit for this control. See http://support.microsoft.com/kb/240797

Fix: No official fix known

Exploit: Working on it

Elazar

As noted by Ryan Naraine, Broad is a bit of an ActiveX vulnerability hunter. Broad has also discovered ActiveX security problems with MySpace and Facebook. Why do folks keep ActiveX active?

SANS said the following:

Those using ActiveX capable browsers (read: MSIE) are vulnerable to attack, with no patch on the horizon yet.

Workarounds:

* Set killbits for: rmoc3260.dll version 6.0.10.45 {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} But this will also remove the genuine functionality of the player. * Use a browser that doesn't support ActiveX (there's plenty of those).

More info on disabling ActiveX on IE can be found on Microsoft's site.

Topics: Security, Enterprise Software, Software, Software Development

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.