The security flaws were first made public on the 21st of November, and a fix is still not available.
Mark Litchfield, a security hotshot with UK-based application security company NGS software, found the original vulnerabilities, and provided Real with information on how to fix them.
Real posted a fix on the 21st of November, but Litchfield quickly found that the patch didn't completely work and Real were forced to take the patch offline.
To add insult to injury, Litchfield found another set of serious vulnerabilities in the product at around the same time.
Users of the Real products are still waiting for a patch that works.
"I will say though that Real have been very quick in fixing any new issues that I have discovered, it was just unfortunate that their original patch did not do it's required job," Litchfield told ZDNet Australia.
"Chances are had they fixed them, I probably would not have revisited RealOne to look for more vulnerabilities," he added.
Real say that they "...are working with industry security professionals to verify and fix recently identified 'buffer overrun' errors in the RealOne Player".
Real are hoping that their comprehensive review of the RealOne Player code will reduce the probability of more security holes being discovered in the product in the future.
Litchfield has not been critical of the way in which Real have handled the security drama. "...in regards to fixing security issues they still come out extremely well," he said.
Real hope to release a comprehensive patch for the affected products on December 25. There are over 250 million registered users of Real Network's software.
