Real player exploit made public

Real player is probably installed on many of your computers, and an exploit for an unpatched vulnerability was made public on the full-disclosure mailing list.

As a result, those using ActiveX capable browsers (read: MSIE) are vulnerable to attack, with no patch on the horizon yet.


  • Set killbits for:
    rmoc3260.dll version

    But this will also remove the genuine functionality of the player.
  • Use a browser that doesn't support ActiveX (there's plenty of those).

Swa Frantzen -- Gorilla Security


760 Posts
Mar 11th 2008

Sign Up for Free or Log In to start participating in the conversation!