US-CERT has issued a warning concerning an unpatched vulnerability in RealPlayer and a flaw affecting Flash files.

An excerpt from Register:

A flaw in RealPlayer 11 build might be used to inject hostile code onto Windows boxes running the software, security notification firm Secunia warns. Other versions of the media player software may also be vulnerable.

The vulnerability is caused by a stack overflow, and the link above also provides a flash demo. There was another warning issued concerning a vulnerability in Flash that allowed the execution of remote cross site scripting attacks.

More information:

US-CERT Warns of Flaw in Latest RealPlayer (TMCnet)

Critical vulnerability in RealPlayer (Heise Security)

RealPlayer Unspecified Buffer Overflow Vulnerability (Secunia)

US-CERT warns of RealPlayer exploit (SC Magazine)