This exploit is hosted on a Web site and runs when a user accesses the said Web site.
It takes advantage of a known vulnerability in several versions of the media player
RealPlayer that causes a stack overflow and allows the download of possibly malicious files on the affected system.
Before exploiting the abovementioned vulnerability, this exploit first checks if the affected machine is running Windows 2000 or Windows XP with Internet Explorer 6 or 7. It also checks if
RealPlayer is installed on the system and what version of the player is installed to determine the first few bytes of shell code that it writes on the affected system.
Once it successfully exploits the said vulnerability, this exploit connects to a certain URL to download a malicious file which is detected by Trend Micro as PE_MUMAWOW.AO-O. As a result, malicious routines of the downloaded file may be exhibited on the affected system.
More...