US-CERT has issued a warning concerning an unpatched vulnerability in RealPlayer and a flaw affecting Flash files.
A flaw in RealPlayer 11 build 126.96.36.1998 might be used to inject hostile code onto Windows boxes running the software, security notification firm Secunia warns. Other versions of the media player software may also be vulnerable.
The vulnerability is caused by a stack overflow, and the link above also provides a flash demo. There was another warning issued concerning a vulnerability in Flash that allowed the execution of remote cross site scripting attacks.
Critical vulnerability in RealPlayer (Heise Security)
US-CERT warns of RealPlayer exploit (SC Magazine)