The H-Online: RealNetworks is warning users about multiple security vulnerabilities in its RealPlayer media player application for Windows; the company says that none of the, now fixed, holes are known to have been used to compromise systems.
The released update, version 18.104.22.168 of RealPlayer, closes three security holes. One hole is related to ASM RuleBook parsing that could be exploited by an attacker to remotely execute arbitrary code, another is a memory corruption problem related to MP4 file handling in the QuickTime plugin used by RealPlayer, and the third is a buffer overrun in the Media parser.
RealPlayer Versions 11.0 to 11.1 and 14.0.0 to 22.214.171.124, as well as RealPlayer SP 1.0 to 1.1.5 are affected; RealPlayer for Mac is not vulnerable. RealPlayer 126.96.36.199 – available for Windows 7, Vista SP1 and XP SP3 – corrects these problems. All users are advised to upgrade to the latest version. An alternative option is to simply uninstall RealPlayer as very few sites use it exclusively.