… patch your Real Player now:
RealNetworks has issued a critical patch for two vulnerabilities reported by eEye. The vulnerabilities affect a large number of RealNetworks’ applications.
eEye RealPlayer Zipped Skin File Buffer Overflow II
“A RealPlayer skin file (.rjs extension) can be downloaded and applied automatically through a web browser without the user’s permission.”
eEye RealPlayer Data Packet Stack Overflow
“By specially crafting a malformed .rm movie file, a direct stack overwrite is triggered, and reliable code execution is then possible.”
RealNetworks Update to Address Security Vulnerabilities.