RealNetworks issues patches to fix critical flaws
According to eEye Digital Security, the company that discovered two of the flaws, attackers could gain access to an unsuspecting user's system by introducing an incomplete .rm movie file and then triggering a buffer overflow. This would allow the attacker to run arbitrary code on the computer and thus take control of it.
The second flaw allows a buffer overrun in a third-party compression library. "An attacker can zip one file that has hostile data and create a .rjs file. [The attacker] can change the file length field of .rjs file so when it processes [the] zip file, it will cause a heap overflow," a statement issued by the company said.
RealNetworks is advising all users to update their players with the latest patches to be on the safe side.