Multiple buffer overflow vulnerabilities in RealNetworks products could allow a remote attacker to execute arbitrary code, warned U.S. Computer Emergency Readiness Team (US-CERT).
"These vulnerabilities can be exploited by convincing a user to access a web page that references a specially crafted Flash (SWF) file,access a web page that references a specially crafted mimio boardcast (MBC) file and access a RealMedia file embedded in web page hosted on a malicious server", reads the security release
posted on Wednesday.
To diminish the security risks, US-CERT recommends to apply the patches that RealNetworks released in last moth's security update
. Also, users are suggested to disable RealPlayer AcitveX control in Internet Explorer and RealPlayer Plugin in other browsers. Finally, Us-CERT resommends not to visit untrusted web sites and not to follow supsicious links.