same old same old
The title should have read "IE + ActiveX = Security hole"
Realplayer was a good thing when it started, I used it for quite a few projects because of the html linking and authoring aspects. The only other thing available at the time was the WMV generator from MS, and apart from it not having any capabilities other than format conversion, it was from MS, so I steered clear.
Too many people jump on the "slag Realplayer" meme today, who have never used it or produced with it, just because it's "funny". I was doing online video over 6 years ago, before flash became the ubiquitous method it is today. For the price and the capability, Real was the best option.
But no, it's easier to have a go at Realplayer for what is essentially the same old MS problem, allowing a public interface to affect private resources. I seem to remember Windows Media player having many similar flaws to this one, and probably still does.
Essentially, if I had the time over again, I would still pick realplayer over WMP, in the same way as I jumped straight onto Phoenix/Firebird/Firefox. Separate the components, and limit the damage. Remember, realplayer doesn't need to be running for this exploit to work, so what's at fault ? IE , the ActiveX model or Realplayer ?