JS_Realexploit.A is malicious JavaScript that may be hosted on a Web site and run when a user accesses the said Web site.

It takes advantage of a known vulnerability in several versions of the media player RealPlayer that causes a stack overflow and allows the download of possibly malicious files on the affected system.

http://service.real.com/realplayer/security/191007_player/en/


Once it successfully exploits the said vulnerability, this JavaScript connects to a certain URL to download possibly malicious files. The said file will then be saved in Windows system folder. As a result, malicious routines of the downloaded files may be exhibited on the affected system.

Technical details can be found at this Trend Micro page.