Security experts are warning RealPlayer users to stop using Internet Explorer until a patch is released for a flaw researchers discovered which could allow code execution. Researcher Elazar Broad has posted to the Full Disclosure mailing list a so-called heap overflow vulnerability that makes it possible for an attacker to modify heap blocks after they are freed and overwrite certain registers.
This could allow code execution on a compromised machine. The vulnerability affects all versions of RealPlayer running under Internet Explorer. Exploit code for this flaw has not yet been made public.
Read full story...
More...