RealNetworks has released an update to address multiple vulnerabilities in RealPlayer. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information. RealNetworks identifies the vulnerabilities as the following:
- RealPlayer ActiveX controls property heap memory corruption.
- Local resource reference vulnerability in RealPlayer.
- RealPlayer SWF file heap-based buffer overflow.
- RealPlayer ActiveX import method buffer overflow.
DarkFiber Consulting encourages users to review the RealNetworks advisory and apply the appropriate updates to help mitigate the risk.