Home arrow US-CERT Computer Emergency Readiness Team arrow RealPlayer ActiveX Vulnerability

RealPlayer ActiveX Vulnerability

US-CERT is aware of reports of a vulnerability in RealPlayer. This vulnerability is due to improper handling of the "Console" property in the RealPlayer ActiveX control (rmoc3260.dll). Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code.

US-CERT encourages users to do the following to help mitigate the risk:

  • Review Microsoft Support Document 240797240797 and set kill bits for the CLSIDs {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} and {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}.
  • Review the Securing Your Web BrowserSecuring Your Web Browser document and disable ActiveX controls.
US-CERT will provide more information as it becomes available.