Three vulnerabilities exist in the Windows versions of the RealOne Player and RealPlayer, according to a statement on RealNetworks' Web site.
By encouraging a RealOne or RealPlayer user to download a malformed file, an attacker could run code of their choice on a user's system, according to a security advisory sent by Next Generation Security Software to the NTBugtraq mailing list.
Next Generation Security Software said it discovered the flaws and informed RealNetworks on 1 November. It is common for security firms to release their own bulletin after the software maker fixes the problem.
RealNetworks recommends that users install a patch to fix the software, although there are no reports so far of attacks using the exploit.
Click here for the Next Generation Security Software advisory.