Ok click this highly crafted url, c'mon, please...Well I won't really give you the URL that I am using for this but I will tell you that it does work. There has been a hole discovered in Real Player and Quicktime media players. The only one that I have been truely to make anything comprimised was with Quicktime on Windows. The idea is that a 400 character URL will cuase a buffer overflow in Quicktime and on the same URL you can have code that will arbitrary run on the comprimised system. In the Cnet article they stated that iDefense said that QuickTime Player versions 5.x and 6.0 for Windows are vulnerable. The workaround suggested by iDefense is to remove the QuickTime handler from the Web browser or remove the registry key (HKEY_CLASSES_ROOT/quicktime). Another option is to download Apple's QuickTime 6.1, which addresses this vulnerability, according to iDefense. The vulnerability affected the following popular versions of its digital media players: RealOne Player, RealOne Player v2 for Windows, RealPlayer 8 for Windows, RealPlayer 8 for Mac OS 9, RealOne Player for Mac OS X, RealOne Enterprise Desktop Manager and RealOne Enterprise Desktop. The Helix DNA Client is safe from this bug, Real Networks commented. Read the CNET story
here.