Real player exploit made public
Real player is probably installed on many of your computers, and an exploit for an unpatched vulnerability was made public on the full-disclosure mailing list.
As a result, those using ActiveX capable browsers (read: MSIE) are vulnerable to attack, with no patch on the horizon yet.
Workarounds:
- Set killbits for:
rmoc3260.dll version 6.0.10.45
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}
But this will also remove the genuine functionality of the player. - Use a browser that doesn't support ActiveX (there's plenty of those).
--
Swa Frantzen -- Gorilla Security
Keywords:
0 comment(s)
×
Diary Archives
Comments