Real Player Buffer Underrun Exploit!

On January 17th, 2002, a security exploit affecting RealPlayer 8 was brought to the attention of RealNetworks. The specific exploit, commonly known as a "buffer overrun", could allow an attacker to run arbitrary code on a user's machine. We have not yet received reports of anyone actually being attacked with this exploit. However, RealNetworks has found and fixed the problem. The bug is essentially a parsing error in the player code associated with reading RM files, commonly known as a "buffer overrun" bug, which could theoretically be used by hackers to adversely affect users. The bug was fixed by improving the robustness of file parsing. When RealPlayer encounters files modified in the manner described by this exploit, it will now inform the user that the file is corrupt when played.

Affected Software: All versions of RealPlayer including RealOne.

Updates for the RealPlayer 8 and RealOne Player on Windows and Macintosh platforms are available via the RealPlayer AutoUpdate Service.

RealOne Player users: To download the RealMedia File Format Update, go to Tools...Check for update. Select the box next to RealMedia File Format Update and click the Install button below to download and install the update.

RealPlayer 8 users: To download the RealMedia File Format Update, go to Help...Check for update. Select the box next to RealMedia File Format Update and click the button below to download and install the update.

Source: RealNetworks