Three vulnerabilities were found, two of which could allow malicious code to be executed on unpatched machines, either via a local .rm file, or via .rm file embedded in a web page. eEye Digital Security Inc found the flaws.
While we have not received reports of anyone actually being attacked with this exploit, all security vulnerabilities are taken very seriously, the firm said. Users need to run check for updates in the player to get a security fix.