Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Real player exploit made public SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Real player exploit made public

Real player is probably installed on many of your computers, and an exploit for an unpatched vulnerability was made public on the full-disclosure mailing list.

As a result, those using ActiveX capable browsers (read: MSIE) are vulnerable to attack, with no patch on the horizon yet.


  • Set killbits for:
    rmoc3260.dll version

    But this will also remove the genuine functionality of the player.
  • Use a browser that doesn't support ActiveX (there's plenty of those).

Swa Frantzen -- Gorilla Security


760 Posts
Mar 11th 2008

Sign Up for Free or Log In to start participating in the conversation!