EXPL_REALPLAY.H
Overview

Malware type: Exploit

Aliases: Exploit.JS.RealPlr.af (Kaspersky), Exploit-RealPlay (McAfee), Downloader (Symantec), JS/Agent.ES (Avira), Troj/Repl-A (Sophos), Exploit:HTML/Repl.D (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 2000, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

Medium

Distribution potential:

Medium

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

EXPL_REALPLAY.H Behavior Diagram

Malware Overview

This exploit code is hosted on a Web site and runs when a user visits that site.

It takes advantage of a known vulnerability in several versions of the RealPlayer media player. The vulnerability causes a stack overflow and allows possibly malicious files to be downloaded onto the affected system. More information on this vulnerability can be found on the following Web site:

Once the exploit successfully uses the vulnerability, it connects to a certain URL to download a malicious file that Trend Micro detects as PE_MUMAWOW.AO-O. As a result, the malicious routines of the downloaded file may run on the affected system.

For additional information about this threat, see:
Solution
Technical Details

Description created: Dec. 20, 2007 2:55:29 AM GMT -0800
