Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 3rd, 2008

RealPlayer Vulnerability Exploited In The Wild

Exploits for the RealPlayer ‘rmoc3260.dll’ ActiveX Control Memory Corruption Vulnerability are being reported and rated as critical. A complete exploit was published for this vulnerability and it is confirmed in RealPlayer version 11.0.1 (build including rmoc3260.dll version Other versions may also be affected.

Impacted sites have ranged from forums, to webmail, to news agencies. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control. Failed exploit attempts will likely crash the application.

Norton Internet Security 2008, Norton AntiVirus 2008, and Norton 360 version 2 customers will see this attack blocked by the existing MSIE RealPlayer rmoc ActiveX BOIPS signature. Some variants of this attack may be blocked as HTTP Internet Explorer Heap Spray Buffer Overflow. Additionally, antivirus signatures are available for Bloodhound.Exploit.182, protecting customers from threats attempting to exploit this vulnerability.


Update to version 11.0.2 (build via e.g. “Check for Update” in the “Help->About RealPlayer” menu.

Share this item with others:

More on CyberInsecure:
  • Zero-day Microsoft Windows NSlookup.exe Vulnerability Exploited In The Wild
  • Highly Critical Vulnerabilities Fixed In Urgent RealPlayer Update
  • Critical Flash Player, Acrobat, Reader Vulnerability Exploited In The Wild
  • Microsoft Excel 0-day Code Execution Vulnerability Exploited In The Wild
  • Another Worm Exploiting MS08-067 Windows Flaw Spotted In The Wild

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: RealPlayer Vulnerability Exploited In The Wild

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.