When adding a skin file to RealPlayer, if the filename contains a directory traversal, a remote attacker may get files deployed onto the machine anywhere in the system. According to RealNetworks the flaw affects RealOne Player, RealOne Player v2, RealOne Enterprise Desktop, RealPlayer Enterprise.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/32661/realplayer.traversal.txt
Source: https://packetstormsecurity.com/files/32661/realplayer.traversal.txt.html