Sometime on April 1, our honeypots began finding exploits for the RealPlayer 'rmoc3260.dll' ActiveX Control Memory Corruption Vulnerability (BID 28157). Sadly, this is not surprising given that a complete exploit was published for this vulnerability around the same time. At the time of this writing, there is no patch for this vulnerability.

So far impacted sites have ranged from forums, to webmail, to news agencies.

Norton Internet Security 2008, Norton AntiVirus 2008, and Norton 360 version 2 customers will see this attack blocked by the existing MSIE RealPlayer rmoc ActiveX BOIPS signature. Some variants of this attack may be blocked as HTTP Internet Explorer Heap Spray Buffer Overflow. Additionally, antivirus signatures are available for Bloodhound.Exploit.182, protecting customers from threats attempting to exploit this vulnerability.

Update: It appears that this vulnerability has been patched within RealPlayer version 11.0.2 (build 6.0.14.802), which is now available for download. It contains version 6.0.10.50 of the rmoc3260.dll file, which we have determined no longer contains the vulnerability. Current RealPlayer users can use the Check for Update utility, which will also install a version of the .dll file that is no longer vulnerable to this exploit.

==============================================================================

又是第三方...今天有人和我说我一直用real我怎么没中毒...我听的完全吐血,本来不想发这的,但是今天不知道有什么莫名冲动,不知道为什么...发泄了吧...靠!