SecurityHome.eu Exploit.JS.RealPlr.C

Home / malware PDF

Exploit.JS.RealPlr.C

First posted on 21 November 2011.
Source: BitDefender
Aliases :
Exploit.JS.RealPlr.C is also known as Exploit.HTML.Repl.B JS/RealPlay.E.
Explanation :
This is an exploit that affects Real Networks RealPlayer 10.5 and Real Networks RealPlayer 11 with build numbers: from 6.0.10.* to 6.0.14.*
To ensure a proper execution he checks if the target machine is using Internet Explorer 6 or 7 under Windows 2000/2003/XP and then creates an instance of the IERCtl.IERPCtl.1 ActiveX control and gets the version of RealPlayer to check for a vulnerable version.
If all the conditions are meet he will call the "Import()" function from vulnerable dll named: ierpplug.dll with crafted parameters to trigger the exploit and to execute the shellcode.
Last update 21 November 2011

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20