Home / malware Exploit.JS.RealPlr.C
First posted on 21 November 2011.
Source: BitDefenderAliases :
Exploit.JS.RealPlr.C is also known as Exploit.HTML.Repl.B JS/RealPlay.E.
Explanation :
This is an exploit that affects Real Networks RealPlayer 10.5 and Real Networks RealPlayer 11 with build numbers: from 6.0.10.* to 6.0.14.*
To ensure a proper execution he checks if the target machine is using Internet Explorer 6 or 7 under Windows 2000/2003/XP and then creates an instance of the IERCtl.IERPCtl.1 ActiveX control and gets the version of RealPlayer to check for a vulnerable version.
If all the conditions are meet he will call the "Import()" function from vulnerable dll named: ierpplug.dll with crafted parameters to trigger the exploit and to execute the shellcode.Last update 21 November 2011