RealNetworks Inc. has released a second round of updates in less than a week for critical vulnerabilities in its RealPlayer, RealOne and HelixPlayer that could be exploited by an attacker to gain access to a system.
The second round expands the scope if the first advisory, addressing a different flaw in the way the players handle media files. Last week, the Seattle-based digital entertainment services vendor confirmed that attackers could exploit versions 10.5 and 11 beta of its popular media player to run malicious code on targeted machines.
This time versions 10.5 and earlier are affected, RealNetworks said in its updated advisory.
The problem is with boundary errors occurring when the players attempt to play various media files. An attack could be carried out when the victim visits malicious Web sites with Microsoft's Internet Explorer Web browser.
"We have received no reports of any machines actually compromised as a result of the now-remedied vulnerabilities," RealNetworks said.
Danish vulnerability clearinghouse Secunia rated the flaw "highly critical," since an exploit can be carried out remotely.