The vulnerabilities, which appear in the streaming media company's RealOne Player and Real Player, could affect as many as 115 million users of the software worldwide.
The three flaws could result in what's known as a "buffer overflow," a memory problem that could compromise security controls and theoretically allow an attacker to take control of a PC running the Real media player. The intruder could exploit the security holes by encouraging unsuspecting PC users to download files with overly long file names or other distorted features, according to NGSSoftware, the security company that first discovered the flaws.
RealNetworks said that the problems were only theoretical at this point and that the discoverer of the security holes could not actually demonstrate how to exploit the bugs to take over a PC.
"We have not yet received reports of anyone actually being attacked with this exploit," RealNetworks said in a posting on its Web site.
NGSSoftware notified the Seattle-based streaming media company of the problems on Nov. 1, but kept the findings a secret until RealNetworks could post a patch for them. The UK-based security company sent its findings to the NTBugtraq mailing list after RealNetworks fixed the flaws.
