RealPlayer gets security fix

RealNetworks has issued a RealPlayer security advisory

RealNetworks has issued a new security advisory for its RealPlayer multimedia player.

The advisory addresses four vulnerabilities which could be exploited by an attacker to remotely execute code on a vulnerable system.

Two of the flaws target ActiveX vulnerabilities, and both could allow an attacker to remotely execute code.

ActiveX controls are used by Internet Explorer to interact with third-party applications.

The other two flaws include a vulnerability in the handling of SWF files and a flaw described by the company as a "local resource reference" vulnerability.

Version 10.5 and earlier of the Windows version of RealPlayer are vulnerable to all four flaws, while the 11.0.0 versions are vulnerable only to one of the ActiveX flaws. Mac and Linux versions of RealPlayer 10 are vulnerable to the SWF flaw.

Users are advised to update to the most recent version of RealPlayer 11 on all three platforms.

None of the four vulnerabilities affects the Rhapsody 4 software, nor any of Real's mobile handset software offerings.