RealPlayer Vulnerability Makes IE Unsafe

Security researcher Elazar Broad revealed a rather troubling flaw earlier this week that affects users of RealPlayer and the Internet Explorer browser. The file rmoc3260.dll, a module used by RealPlayer's ActiveX control, is to blame for the vulnerability. Broad posted proof-of-concept code, unveiling the possibility that an attacker could modify heap blocks after they are freed and overwrite certain registers. This in turn could lead to remote code execution on a victim's PC. He suggests setting the killbit within IE for the ActiveX control until a fix is released. Another alternative would be to switch to a different browser in the meantime, such as Firefox or Opera.