Submitted by admin on

As reported at http://www.zdnet.com.au/news/software/soa/RealPlayer-flaw-Stop-using-Internet-Explorer/0,130061733,339286701,00.htm

Security experts are warning RealPlayer users to stop using Internet Explorer until a patch is released for a flaw researchers discovered which could allow code execution.

Researcher Elazar Broad has posted to the Full Disclosure mailing list a so-called heap overflow vulnerability that makes it possible for an attacker to modify heap blocks after they are freed and overwrite certain registers.

This could allow code execution on a compromised machine. The vulnerability affects all versions of RealPlayer running under Internet Explorer.

Exploit code for this flaw has not yet been made public.

Without a patch from RealPlayer, security experts recommend disabling the killbit for the following ActiveX ClassIDs:

  • 2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93
  • CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA

However, disabling these killbits will also remove some functionality within the player.

To avoid the loss of functionality, security experts recommend using RealPlayer in a browser that doesn't support ActiveX, such as Mozilla Firefox (for Windows and Mac).
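The kill-bit mitigation referred to above, as an added example that is not part of the ZDNet article or RealNetworks' own guidance: Internet Explorer refuses to instantiate a control whose CLSID has the 0x400 flag in the `Compatibility Flags` value under `HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility`. The script below checks and sets that flag for the two CLSIDs listed in the advisory; it assumes an elevated PowerShell session on Windows, and the function names are the example's own.

```powershell
# Added example, not from the article. Requires an elevated session.
# Kill bit = 0x400 in the REG_DWORD "Compatibility Flags" under the CLSID key.
$KillBit = 0x400
$ClsidsToKill = @(
    '{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}',   # CLSIDs as listed in the advisory above
    '{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}'
)

function Get-ActiveXCompatKey {
    param([Parameter(Mandatory)][string]$Clsid)
    return "HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
}

# Returns $true only if the 0x400 bit is already present for this CLSID.
function Test-KillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    $key = Get-ActiveXCompatKey $Clsid
    if (-not (Test-Path $key)) { return $false }
    $flags = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
              -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $flags) { return $false }
    return (($flags -band $KillBit) -eq $KillBit)
}

# ORs the kill bit into any existing flags so other compatibility bits survive.
function Set-KillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    $key = Get-ActiveXCompatKey $Clsid
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    $existing = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                 -ErrorAction SilentlyContinue).'Compatibility Flags'
    $newFlags = if ($null -eq $existing) { $KillBit } else { $existing -bor $KillBit }
    New-ItemProperty -Path $key -Name 'Compatibility Flags' -PropertyType DWord `
        -Value $newFlags -Force | Out-Null
}

foreach ($clsid in $ClsidsToKill) {
    if (Test-KillBit $clsid) {
        Write-Output "$clsid : kill bit already set"
        continue
    }
    Set-KillBit $clsid
    $state = if (Test-KillBit $clsid) { 'set' } else { 'NOT set (check permissions)' }
    Write-Output "$clsid : kill bit now $state"
}
```

On 64-bit Windows the 32-bit Internet Explorer reads the same path under `HKLM\SOFTWARE\Wow6432Node\...`, so run the check against both hives if both browser builds are installed. Setting the kill bit is what stops the control loading in IE; it does not patch the player itself.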