According to a security research company in Russia, Real Player 11 has a zero-day security vulnerability. A zero-day vulnerability means there are instances of this vulnerability in the wild affecting computers, even before the software vendor (Real in this case) can produce a patch to fix the affected software. Apparently the Russian research company named Gleg is not willing to share what they have discovered unless Real is willing to pay up. CERT which is a major Internet security center is also not being provided any details about this vulnerability.

How can you call yourself a “security research company” if your not willing to help alleviate computer crimes? I think it’s important to spread the news about this as quickly as possible.