Exploitation of a previously unknown RealPlayer vulnerability was discovered last week. So far, the unpatched vulnerability is known to affect the latest versions of RealPlayer and RealPlayer 11 BETA, although older versions may also be vulnerable. The flaw affects an ActiveX object in the RealPlayer component ierpplug.dll. This is not the first time this DLL has been exploited, although previous cases achieved only remote denial of service.
When you visit a malicious website, a check for several versions of RealPlayer determines whether the application is vulnerable. If it is, Trojan.Reapall exploits the vulnerability, downloading and executing a copy of Trojan.Zonebac. This means that simply visiting a malicious website is enough; the player does not need to be running.