RealPlayer exploit discovered




A previously unknown RealPlayer exploit was discovered last week. What is known so far is that the unpatched vulnerability affects the latest versions of RealPlayer and RealPlayer 11 BETA, although older versions may also be vulnerable. The affected code is an ActiveX object in the RealPlayer component ierpplug.dll. This is not the first time this DLL has been exploited, although previous cases achieved only remote denial of service.

When you visit a malicious website, it checks for the several versions of RealPlayer to determine whether the installed application is vulnerable. If it is, Trojan.Reapall exploits the vulnerability, then downloads and executes a copy of Trojan.Zonebac. This means that simply visiting a malicious website is enough; the player does not need to be running.

To avoid this, set the kill bit on the class identifier (CLSID) FDC7A535-4070-4B92-A0EA-D9994BCC0DC5 (instructions can be found here). Also ensure that your Internet Explorer clients are configured to prompt before executing Active Scripting, or disable Active Scripting altogether if it is not required. Update your antivirus software and disable JavaScript whenever possible.
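
One way to set and verify the kill bit described above, as an added example that is not part of the original post or of the instructions it links to. It assumes the standard Internet Explorer kill-bit mechanism (a `Compatibility Flags` DWORD with bit 0x400 under the `ActiveX Compatibility` key) and an elevated 64-bit PowerShell prompt; `Set-IeKillBit` is a hypothetical helper name.

```powershell
# Added example: set and verify the Internet Explorer kill bit for one CLSID.
# Run from an elevated 64-bit PowerShell prompt.
$Clsid   = '{FDC7A535-4070-4B92-A0EA-D9994BCC0DC5}'  # CLSID named in the post
$KillBit = 0x00000400                                 # kill-bit flag value
$Value   = 'Compatibility Flags'

# IE reads kill bits from this key; 32-bit IE on 64-bit Windows uses the
# Wow6432Node copy, so both views are handled when the second one exists.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
) | Where-Object { Test-Path (Split-Path $_ -Parent) }

# Set-IeKillBit is a hypothetical helper name used only in this example.
function Set-IeKillBit {
    param([string]$Root, [string]$Clsid)
    $key = Join-Path $Root $Clsid
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

    # Preserve any flags already present and OR in the kill bit.
    $props   = Get-ItemProperty -Path $key -Name $Value -ErrorAction SilentlyContinue
    $current = if ($props) { [int]$props.$Value } else { 0 }
    New-ItemProperty -Path $key -Name $Value -PropertyType DWord `
        -Value ($current -bor $KillBit) -Force | Out-Null

    # Read the value back so the report reflects what is actually stored.
    $stored = [int](Get-ItemProperty -Path $key -Name $Value).$Value
    [pscustomobject]@{
        Key        = $key
        Flags      = '0x{0:X8}' -f $stored
        KillBitSet = (($stored -band $KillBit) -eq $KillBit)
    }
}

$Roots | ForEach-Object { Set-IeKillBit -Root $_ -Clsid $Clsid } |
    Format-Table -AutoSize
```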






