US-CERT is aware of reports of a vulnerability in RealPlayer. This vulnerability is due to improper handling of the "Console" property in the RealPlayer ActiveX control (rmoc3260.dll). Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code.

US-CERT encourages users to do the following to help mitigate the risk:

• Review Microsoft Support Document 240797 and set kill bits for the CLSIDs {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} and {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}.
• Review the Securing Your Web Browser document and disable ActiveX controls.