Exploitation will not show any signs. After the attacker will take control the code can have any effect.
Sorin Ciorceri, virus researcher
This is an exploit that affects Real Networks RealPlayer 10.5 and Real Networks RealPlayer 11 with build numbers: from 6.0.10.* to 6.0.14.*
To ensure a proper execution he checks if the target machine is using Internet Explorer 6 or 7 under Windows 2000/2003/XP and then creates an instance of the IERCtl.IERPCtl.1 ActiveX control and gets the version of RealPlayer to check for a vulnerable version.
If all the conditions are meet he will call the "Import()" function from vulnerable dll named: ierpplug.dll with crafted parameters to trigger the exploit and to execute the shellcode.