RealNetworks has patched a number of 27 vulnerabilities affecting RealPlayer 11, RealPlayer SP and RealPlayer Enterprise, most of which allow for remote code execution and carry a critical security risk.
Many of the vulnerabilities
are buffer overflows that are triggered when parsing malformed files of different formats.
Fifteen of them were reported by various researchers through TippingPoint's Zero Day Initiative (ZDI) program, two by researchers from TippingPoint's own DVLabs division, three by Secunia Research, five by VUPEN and two by iDefense Labs.
All 27 flaws affect RealPlayer 11.0 - 11.1, 25 affect RealPlayer SP 1.0 - 1.0.1, 24 RealPlayer SP 1.0.2 - 1.1.1, 21 RealPlayer SP 1.1.2 - 1.1.4 and 11 RealPlayer SP 1.1.5.