Attackers feast on Real Player flaw

Attackers feast on Real Player flaw

Real promises to patch hole as soon as possible

Online criminals are exploiting a new, unpatched vulnerability in the Real Player application.

Security firm Symantec said that fewer than 50 infections had been reported, and that the attack is currently limited to just a few websites.

The attack targets an unpatched vulnerability in the RealPlayer media player application.

Real Networks said that a fix for the vulnerability should be up by the end of Friday (19 October).

The vulnerability lies in the way a Real Player component handles ActiveX calls. ActiveX is a system used to link Internet Explorer with other applications such as Real's media player.

When the user accesses a specially crafted web page, malicious javascript is run which targets the vulnerability and installs a trojan.

This trojan in turn downloads and installs another piece of malware which lowers the security settings in Internet Explorer, making it easier to carry out future attacks on the user's system.

Upon successfully executing the exploit, RealPlayer then plays a standard test video.

Symantec said that Firefox is not believed to be affected by the flaw, as it does not utilize ActiveX.

The company notes that this is not the first time a flaw in the component, known as ierpplug.dll, has been reported. Last December, a security researcher was able to exploit the component to achieve a denial of service.

The US Computer Emergency Response Team (US-CERT) advises users to disable ActiveX controls until a fix becomes available.

Symantec noted that advanced users can also mitigate the risk by setting a kill bit in the Windows registry, which will prevent the vulnerable ActiveX control from running.

1 Comment:

RealNetworks has issued a patch for this vulnerability that users can download here -

For more information about these patches and how the new RealPlayer has been improved, please visit the RealPlayer blog at

Matt Spragins
Real Networks