The Seattle-based digital media company released patches on Thursday to fix the problems. The bugs affect older versions of its flagship RealPlayer as well as of Rhapsody, Helix Player and RealOne Player. They aren't found in the most recent versions of RealPlayer and Rhapsody, according to a company advisory. The flaws are found in RealNetworks' software for Microsoft Windows, Mac OS X and Linux systems.
iDefense, a VeriSign company, is one of those credited by RealNetworks with reporting a problem. It has issued a security alert about a flaw in the way servers handle "chunks" of transferred data that could be used to crash a computer. It could also be used to let an outsider run code on an infected PC without the owners' knowledge, iDefense said.
The vulnerabilities have been rated "highly critical" in an advisory from Secunia. The Danish security company said that one flaw in processing SWF files, used to play Flash media, could also be used to commandeer a computer. Another bug, in the processing of MBC files used for Mimio BoardCast audio sessions, could also ultimately allow a break-in on a machine.
While no cases of actual compromised computers have surfaced, RealNetworks strongly recommends people upgrade to the most current version of its media software. A detailed list of vulnerable versions and the free upgrades can be found on its posted alert.
