RealNetworks has issued a critical patch for two vulnerabilities reported by eEye. The vulnerabilities affect a large number of RealNetworks' applications.

eEye RealPlayer Zipped Skin File Buffer Overflow II
"A RealPlayer skin file (.rjs extension) can be downloaded and applied automatically through a web browser without the user's permission."

eEye RealPlayer Data Packet Stack Overflow
"By specially crafting a malformed .rm movie file, a direct stack overwrite is triggered, and reliable code execution is then possible."

RealNetworks Update to Address Security Vulnerabilities.