Exploit.JS.RealPlr.C

MEDIUM
MEDIUM
~3000 bytes
(Exploit.HTML.Repl.B JS/RealPlay.E)

Symptoms

Exploitation does not show any signs. Once the attacker takes control, the code can have any effect.

Removal instructions:

Please let BitDefender disinfect your files and update your RealPlayer.
Please check the following URL: http://service.real.com/realplayer/security/191007_player/en/

Analyzed By

Sorin Ciorceri, virus researcher

Technical Description:

This is an exploit that affects Real Networks RealPlayer 10.5 and Real Networks RealPlayer 11 with build numbers from 6.0.10.* to 6.0.14.*.
To ensure proper execution, it checks whether the target machine is using Internet Explorer 6 or 7 under Windows 2000/2003/XP, then creates an instance of the IERCtl.IERPCtl.1 ActiveX control and reads the RealPlayer version to check whether it is a vulnerable one.
If all the conditions are met, it calls the "Import()" function of the vulnerable DLL, ierpplug.dll, with crafted parameters to trigger the exploit and execute the shellcode.
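
A triage sketch based on the description above, added here as an example and not BitDefender's detection logic: it checks an inventoried RealPlayer version against the affected build range and flags page content that both references the ActiveX control and calls Import(). The function names, the string-concatenation normalization and the sample pages are assumptions made for illustration.

```python
import re

# ProgID and method name are taken from the technical description above.
PROGID_RE = re.compile(r"IERCtl\.IERPCtl(\.1)?", re.IGNORECASE)
IMPORT_CALL_RE = re.compile(r"\.\s*Import\s*\(")
# Script often splits strings ("IERCtl.IER" + "PCtl.1"); join them before matching.
CONCAT_RE = re.compile(r"""["']\s*\+\s*["']""")


def is_affected_build(version: str) -> bool:
    """True if the version is in the range given on the page: 6.0.10.* to 6.0.14.*."""
    parts = version.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        # Do not silently report an unparseable inventory value as safe.
        raise ValueError(f"unparseable version: {version!r}")
    major, minor, build = (int(p) for p in parts[:3])
    return major == 6 and minor == 0 and 10 <= build <= 14


def triage_page(html: str) -> dict:
    """Flag content that references the control and also calls Import()."""
    text = CONCAT_RE.sub("", html)
    references_control = bool(PROGID_RE.search(text))
    calls_import = bool(IMPORT_CALL_RE.search(text))
    return {
        "references_control": references_control,
        "calls_import": calls_import,
        "suspicious": references_control and calls_import,
    }


# Constructed sample inputs (not taken from a real sample); arguments are placeholders.
SAMPLE_SUSPICIOUS = 'var c = new ActiveXObject("IERCtl.IER" + "PCtl.1"); c.Import(a, b);'
SAMPLE_BENIGN = '<script>var m = document.getElementById("m"); m.Import("x");</script>'

if __name__ == "__main__":
    for name, page in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(name, triage_page(page))
    for v in ("6.0.9.5", "6.0.12.1040", "6.0.15.1"):  # constructed version strings
        print(v, "affected" if is_affected_build(v) else "not in affected range")
```

This is a static heuristic: it catches plain and simply concatenated references, not heavier script obfuscation, so a clean result is not proof that a page is harmless.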