Digital media delivery outfit RealNetworks Inc. on Wednesday released patches for a high-risk security flaw in several versions of its widely deployed RealPlayer software. The Seattle, Wash.-based company said the flaw could allow an attacker to run arbitrary or malicious code on unpatched machines. "RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities," the company said in an online advisory.
Security research company Secunia rated the issue as "highly critical" and urged users to apply the appropriate fixes immediately. The flaw is described as a heap overflow error that occurs when the RealPlayer software handles malformed ".ram" files containing a specially crafted "host" variable. RealNetworks uses the ".ram" format to compress audio files for streaming over the Internet. The company's alert said most major versions of its flagship RealPlayer and RealONE software were affected by the vulnerability.