MidnightBSD

Advisories for realnetworks

CVE-1999-0896 HIGH

Buffer overflow in RealNetworks RealServer administration utility allows remote attackers to execute arbitrary commands via a long username and password.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realserver_g2 1.0
CVE-1999-1045 HIGH

pnserver in RealServer 5.0 and earlier allows remote attackers to cause a denial of service by sending a short, malformed request.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realserver 5.0
CVE-1999-1282 MEDIUM

RealSystem G2 server stores the administrator password in cleartext in a world-readable configuration file, which allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realsystem_g2_server *
CVE-1999-1369 MEDIUM

Real Media RealServer (rmserver) 6.0.3.353 stores a password in plaintext in the world-readable rmserver.cfg file, which allows local users to gain privileges.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realserver 6.0.3.353
CVE-2000-0001 MEDIUM

RealMedia server allows remote attackers to cause a denial of service via a long ramgen request.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realserver 5.0
CVE-2000-0185 MEDIUM

RealMedia RealServer reveals the real IP address of a Real Server, even if the address is supposed to be private.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realserver_g2 1.0
realnetworks realserver 5.0
realnetworks realserver 7.0
CVE-2000-0272 HIGH

RealNetworks RealServer allows remote attackers to cause a denial of service by sending malformed input to the server at port 7070.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realserver basic
realnetworks realserver g2_1.0
realnetworks realserver intranet
realnetworks realserver plus
realnetworks realserver pro
realnetworks realserver 7.0
CVE-2000-0280 LOW

Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to cause a denial of service via a long Location URL.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realplayer 7.0
realnetworks realplayer 6.0
CVE-2000-0474 HIGH

Real Networks RealServer 7.x allows remote attackers to cause a denial of service via a malformed request for a page in the viewsource directory.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realserver 8.0_beta
realnetworks realserver 7.0
realnetworks realserver 7.0.1
CVE-2000-1181 MEDIUM

Real Networks RealServer 7 and earlier allows remote attackers to obtain portions of RealServer's memory contents, possibly including sensitive information, by accessing the /admin/includes/ URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realserver 6.0
realnetworks realserver 5.0
realnetworks realserver 7.0
CVE-2002-0207 HIGH

Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realone_player *
realnetworks realplayer_intranet *
realnetworks realplayer_intranet 7.0
CVE-2002-0337 MEDIUM

RealPlayer 8 allows remote attackers to cause a denial of service (CPU utilization) via malformed .mp3 files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realplayer 8.0
CVE-2002-0415 LOW

Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. (dot dot) in an HTTP GET request to port 1275.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realplayer 6.0
CVE-2002-1014 HIGH

Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realjukebox_2_plus 1.0.2.379
realnetworks realjukebox_2_plus 1.0.2.340
realnetworks realjukebox_2 1.0.2.379
realnetworks realone_player 6.0.10.505
realnetworks realjukebox_2 1.0.2.340
CVE-2002-1015 HIGH

RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realjukebox_2_plus 1.0.2.379
realnetworks realjukebox_2_plus 1.0.2.340
realnetworks realjukebox_2 1.0.2.379
realnetworks realone_player 6.0.10.505
realnetworks realjukebox_2 1.0.2.340
CVE-2002-1321 HIGH

Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain "Now Playing" options on a downloaded file with a long filename.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realone_player 2.0
realnetworks realplayer 7.0
realnetworks realplayer 8.0
realnetworks realplayer 6.0
realnetworks realplayer *
CVE-2002-1643 HIGH

Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RTSP request, (2) a DESCRIBE RTSP request with a long URL argument, or (3) two simultaneous HTTP GET requests with long arguments.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks helix_universal_server 9.0
realnetworks helix_universal_server 9.0.2.768
CVE-2003-0141 MEDIUM

The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realone_player 6.0.11.853
realnetworks realone_player 2.0
realnetworks realone_player 6.0.11.818
realnetworks realone_player 6.0.11.830
realnetworks realone_player 9.0.0.297
realnetworks realone_player 9.0.0.288
realnetworks realone_enterprise_desktop 6.0.11.774
realnetworks realone_player 6.0.11.841
realnetworks realplayer 8.0
realnetworks realone_player 6.0.10.505
CVE-2003-0725 HIGH

Buffer overflow in the RTSP protocol parser for the View Source plug-in (vsrcplin.so or vsrcplin3260.dll) for RealNetworks Helix Universal Server 9 and RealSystem Server 8, 7 and RealServer G2 allows remote attackers to execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks helix_universal_server 9.0.1
realnetworks realserver g2_1.0
realnetworks realserver 8.0
realnetworks realserver 8.0.1
realnetworks realserver 8.0_beta
realnetworks realserver 7.0.2
realnetworks helix_universal_server 9.0.2.794
realnetworks helix_universal_server 9.0
realnetworks helix_universal_server 8.0.1
realnetworks realserver 8.0.2
realnetworks realserver 7.0
realnetworks realserver 7.0.1
CVE-2003-0726 MEDIUM

RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realone_player 6.0.11.853
realnetworks realone_player 2.0
realnetworks realone_player 6.0.11.818
realnetworks realone_player 6.0.11.830
realnetworks realone_desktop_manager *
realnetworks realone_enterprise_desktop 6.0.11.774
realnetworks realone_player 6.0.11.841
realnetworks realone_player 6.0.10.505
CVE-2003-1117 HIGH

Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem Proxy 8.x, related to URL error handling, allows remote attackers to cause a denial of service and possibly execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realsystem_server 6
realnetworks realsystem_server 8
realnetworks realsystem_proxy 8
realnetworks realsystem_server 7
CVE-2003-1509 HIGH

Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realone_player 6.0.11.853
realnetworks realone_player 2.0
realnetworks realone_player 6.0.11.818
realnetworks realone_player 6.0.11.830
realnetworks realone_enterprise_desktop 6.0.11.774
realnetworks realone_player 6.0.11.841
CVE-2004-0049 MEDIUM

Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote attackers to cause a denial of service via certain HTTP POST messages to the Administration System port.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks helix_universal_mobile_server *
realnetworks helix_universal_server *
CVE-2004-0258 HIGH

Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realone_player 1.0
realnetworks realone_player 6.0.11.853
realnetworks realplayer 10.0_beta
realnetworks realone_player 2.0
realnetworks realone_player 6.0.11.818
realnetworks realone_player 6.0.11.830
realnetworks realone_desktop_manager *
realnetworks realone_player 6.0.11.868
realnetworks realone_enterprise_desktop 6.0.11.774
realnetworks realone_player 6.0.11.841
realnetworks realplayer 8.0
CVE-2004-0273 HIGH

Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
realnetworks realone_player 1.0
realnetworks realone_player 6.0.11.853
realnetworks realone_player 2.0
realnetworks realone_player 6.0.11.818
realnetworks realone_player 6.0.11.830
realnetworks realone_desktop_manager *
realnetworks realone_player 6.0.11.868
realnetworks realone_enterprise_desktop 6.0.11.774
realnetworks realone_player 6.0.11.841
CVE-2004-0387 MEDIUM

Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer 8, RealOne Player, RealOne Player 10 beta, and RealOne Player Enterprise, allows remote attackers to execute arbitrary code via a malformed .R3T file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realone_player *
realnetworks realone_player 10_beta
realnetworks realplayer 8.0
CVE-2004-0389 HIGH

RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference, as demonstrated using (1) GET_PARAMETER or (2) DESCRIBE requests.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
realnetworks helix_universal_server 9.0.1
realnetworks helix_universal_server 9.0.2
CVE-2004-0550 HIGH

Buffer overflow in Real Networks RealPlayer 10 allows remote attackers to execute arbitrary code via a URL with a large number of "." (period) characters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
CVE-2004-0774 HIGH

RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for Windows allows remote attackers to cause a denial of service (CPU and memory exhaustion) via a POST request with a Content-Length header set to -1.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks helix_universal_server 9.0.2
realnetworks helix_universal_server *
realnetworks helix_universal_mobile_server_and_gateway *
CVE-2004-1094 HIGH

Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
checkmark checkmark_payroll 3.7.5
checkmark multiledger 6.0.3
realnetworks realplayer 10.0
checkmark checkmark_payroll 3.9.1
checkmark checkmark_payroll 3.9.4
realnetworks realplayer 10.0_beta
realnetworks realplayer 10.5_6.0.12.1040
checkmark checkmark_payroll 3.9.5
checkmark checkmark_payroll 3.9.2
realnetworks realplayer 10.5_6.0.12.1016_beta
checkmark multiledger *
realnetworks realplayer 10.5_6.0.12.1053
checkmark checkmark_payroll *
checkmark checkmark_payroll 3.9.3
checkmark multiledger 6.0.5
innermedia dynazip_library 5.00.02
checkmark multiledger 7.0.0
innermedia dynazip_library 5.00.01
realnetworks realone_player 1.0
realnetworks realone_player 2.0
realnetworks realplayer 10.0_6.0.12.690
realnetworks realplayer 10.5
innermedia dynazip_library 5.00.00
innermedia dynazip_library 5.00.03
CVE-2004-1481 MEDIUM

Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realplayer -
realnetworks realone_player 9.0.0.288
realnetworks realplayer 10.5_6.0.12.1040
realnetworks helix_player 1.0
realnetworks realplayer 8.0
realnetworks realone_player 1.0
realnetworks realone_player 2.0
realnetworks realone_player 9.0.0.297
realnetworks realplayer 10.0_6.0.12.690
realnetworks realplayer 10.5
realnetworks realplayer 10.5_6.0.12.1016
CVE-2004-1798 MEDIUM

RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realone_player 1.0
realnetworks realone_player 6.0.11.853
realnetworks realone_player 2.0
realnetworks realone_player 6.0.11.818
realnetworks realone_player 6.0.11.830
realnetworks realone_player 6.0.11.868
realnetworks realone_enterprise_desktop 6.0.11.774
realnetworks realone_player 6.0.11.841
realnetworks realplayer 8.0
realnetworks realone_player 6.0.10.505
CVE-2005-0189 HIGH

Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to execute arbitrary code via a long ShowPreferences argument.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realone_player 1.0
realnetworks realplayer 10.0
realnetworks realplayer 10.0_beta
realnetworks realone_player 2.0
realnetworks realplayer 10.0_6.0.12.690
realnetworks realplayer 10.5
realnetworks realplayer 10.5_6.0.12.1040
realnetworks realplayer 10.5_6.0.12.1016_beta
CVE-2005-0190 LOW

Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realone_player 1.0
realnetworks realplayer 10.0
realnetworks realplayer 10.0_beta
realnetworks realone_player 2.0
realnetworks realplayer 10.0_6.0.12.690
realnetworks realplayer 10.5
realnetworks realplayer 10.5_6.0.12.1040
realnetworks realplayer 10.5_6.0.12.1016_beta
CVE-2005-0191 MEDIUM

Off-by-one buffer overflow in the processing of tags in Real Metadata Package (RMP) files in RealPlayer 10.5 (6.0.12.1040) and earlier could allow remote attackers to execute arbitrary code via a long tag.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realone_player 1.0
realnetworks realplayer 10.0
realnetworks realplayer 10.0_beta
realnetworks realone_player 2.0
realnetworks realplayer 10.0_6.0.12.690
realnetworks realplayer 10.5
realnetworks realplayer 10.5_6.0.12.1040
realnetworks realplayer 10.5_6.0.12.1016_beta
CVE-2005-0192 LOW

Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realone_player 1.0
realnetworks realplayer 10.0
realnetworks realone_player 2.0
realnetworks realplayer 10.5
CVE-2005-0348 LOW

Directory traversal vulnerability in RealArcade 1.2.0.994 allows remote attackers to delete arbitrary files via an RGP file with a .. (dot dot) in the FILENAME tag.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realarcade *
CVE-2005-0611 MEDIUM

Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realone_player 1.0
realnetworks realplayer 10.0
realnetworks helix_player *
realnetworks realone_player 2.0
realnetworks realplayer 10.5
realnetworks realplayer 8.0
realnetworks realplayer *
CVE-2005-0755 MEDIUM

Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player before 10.0.4, and RealOne Player v1 and v2 allows remote attackers to execute arbitrary code via a long hostname in a RAM file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realone_player 1.0
realnetworks realplayer 10.0
realnetworks helix_player *
realnetworks realone_player 2.0
realnetworks realplayer 10.0_6.0.12.690
realnetworks realplayer 8.0
CVE-2005-1766 MEDIUM

Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 6.0.12.1056 on Windows, and 10, 10.0.1.436, and other versions before 10.0.5 on Linux, allows remote attackers to execute arbitrary code via a RealMedia file with a long RealText string, such as an SMIL file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realplayer *
CVE-2005-2052 MEDIUM

Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 (6.0.12.1040 through 1069), RealOne Player v1 and v2, RealPlayer 8 and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an .avi file with a modified strf structure value.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realone_player 1.0
realnetworks realplayer 10.0
realnetworks realone_player 2.0
realnetworks realplayer 10.5_6.0.12.1040
realnetworks realplayer 8.0
realnetworks realplayer *
realnetworks realplayer 10.5_6.0.12.1069
CVE-2005-2054 MEDIUM

Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and RealOne Player v1 and v2 allows remote attackers to overwrite arbitrary files or execute arbitrary ActiveX controls via a crafted MP3 file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realone_player 1.0
realnetworks realplayer 10.0
realnetworks realone_player 2.0
realnetworks realplayer 10.5_6.0.12.1040_1069
CVE-2005-2055 MEDIUM

RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne Player v1 and v2 allows remote malicious web server to create an arbitrary HTML file that executes an RM file via "default settings of earlier Internet Explorer browsers".

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realone_player 1.0
realnetworks realplayer 10.0
realnetworks realone_player 2.0
realnetworks realplayer 10.5_6.0.12.1040_1069
realnetworks realplayer 8.0
realnetworks realplayer *
CVE-2005-2629 MEDIUM

Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, which leads to a stack-based buffer overflow, a different vulnerability than CVE-2004-1481.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks helix_player 1.0.4
realnetworks realplayer 10.5_6.0.12.1235
realnetworks helix_player 1.0.1
realnetworks realplayer 10.5_6.0.12.1059
realnetworks realplayer 10.5_6.0.12.1040
realnetworks helix_player 1.0
realnetworks realplayer 8.0
realnetworks helix_player 1.0.5
realnetworks realplayer 10.5_6.0.12.1053
realnetworks helix_player 1.0.2
realnetworks realone_player 1.0
realnetworks realone_player 2.0
realnetworks helix_player 1.0.3
realnetworks realplayer 10.5
realnetworks realplayer 10.5_6.0.12.1056
realnetworks realplayer *
realnetworks realplayer 10.5_6.0.12.1069
CVE-2005-2630 MEDIUM

Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and 10.5 and RealOne Player 1 and 2 allows remote attackers to execute arbitrary code via a crafted RealPlayer Skin (RJS) file, a different vulnerability than CVE-2004-1094.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realplayer 10.5_6.0.12.1235
realnetworks realplayer 10.5_6.0.12.1059
realnetworks realplayer 10.5_6.0.12.1040
realnetworks realplayer 8.0
realnetworks realplayer 10.5_6.0.12.1053
realnetworks realone_player 1.0
realnetworks realone_player 2.0
realnetworks realplayer 10.5
realnetworks realplayer 10.5_6.0.12.1056
realnetworks realplayer *
realnetworks realplayer 10.5_6.0.12.1069
CVE-2005-2710 MEDIUM

Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks helix_player *
CVE-2005-2922 HIGH

Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realplayer 10.0.0.331
realnetworks realplayer 10.0.4
realnetworks realplayer 10.0.1
realnetworks realplayer 10.5_6.0.12.1235
realnetworks realplayer 10.0.2
realnetworks realplayer 10.5_6.0.12.1059
realnetworks helix_player 10.0.2
realnetworks realplayer 10.5_6.0.12.1040
realnetworks rhapsody 3.0_build_0.815
realnetworks realplayer 8.0
realnetworks realplayer 10.0.5
realnetworks realplayer 10.5_6.0.12.1053
realnetworks helix_player 10.0.6
realnetworks realplayer *
realnetworks realplayer 10.5_6.0.12.1069
realnetworks realplayer 10.0.6
realnetworks helix_player 10.0.4
realnetworks helix_player 10.0.1
realnetworks realplayer 10.0.0.305
realnetworks realone_player *
realnetworks helix_player 10.0
realnetworks helix_player 10.0.5
realnetworks realplayer 10.0.3
realnetworks rhapsody 3.0
realnetworks realone_player 1.0
realnetworks helix_player 10.0.3
realnetworks realone_player 2.0
realnetworks realone_player 0.288
realnetworks realplayer 10.5
realnetworks realplayer 10.5_6.0.12.1056
realnetworks realone_player 0.297
CVE-2005-2936 HIGH

Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might allow local users to gain privileges via a malicious C:\program.exe file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
realnetworks realone_player 1.0
realnetworks realplayer 10.0
realnetworks realone_player 2.0
realnetworks realplayer 10.5_6.0.12.1348
realnetworks realplayer 10.5_6.0.12.1040
realnetworks realplayer 8.0
CVE-2005-3677 HIGH

Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote attackers to execute arbitrary code via a crafted image in a RealPlayer Skin (RJS) file. NOTE: due to the lack of details, it is unclear how this is different than CVE-2005-2629 and CVE-2005-2630, but the vendor advisory implies that it is different.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realplayer 10.5_6.0.12.1053
realnetworks realplayer 10.0
realnetworks realplayer 10.5_6.0.12.1235
realnetworks realplayer 10.5_6.0.12.1059
realnetworks realplayer 10.5_6.0.12.1040
realnetworks realplayer 10.5_6.0.12.1056
realnetworks realplayer 10.5_6.0.12.1069
CVE-2005-4126 HIGH

** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPlayer allows attackers to execute arbitrary code. NOTE: the information regarding this issue is extremely vague and does not provide any verifiable information. It has been posted by a reliable reporter with a prerelease disclosure policy. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example for discussion of the newly emerging UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is possible that this item might be RECAST or REJECTED.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realplayer 10.0_beta
realnetworks realplayer 10.5_6.0.12.1235
realnetworks realplayer 10.5_6.0.12.1059
realnetworks realplayer 10.5_6.0.12.1040
realnetworks realplayer 8.0
realnetworks realplayer 10.5_6.0.12.1016_beta
realnetworks realplayer 6.0
realnetworks realplayer 10.5_6.0.12.1053
realnetworks realplayer 10.0_6.0.12.690
realnetworks realplayer 10.5
realnetworks realplayer 10.5_6.0.12.1056
realnetworks realplayer 7.0
realnetworks realplayer 10.5_6.0.12.1069
CVE-2005-4130 HIGH

** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPlayer allows remote attackers to execute arbitrary code. NOTE: it is not known whether this issue should be MERGED with CVE-2005-4126. The information regarding this issue is extremely vague and does not provide any verifiable information. It has been posted by a reliable reporter with a prerelease disclosure policy. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example for discussion of the newly emerging UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is possible that this item might be RECAST or REJECTED.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realplayer *
CVE-2006-0323 HIGH

Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realone_player *
realnetworks helix_player *
realnetworks realplayer 10.5
realnetworks realplayer 10.0.6
realnetworks rhapsody 3
CVE-2006-1370 HIGH

Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows remote attackers to have an unknown impact via a malicious Mimio boardCast (mbc) file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realplayer 10.5_6.0.12.1235
realnetworks realplayer 10.5_6.0.12.1059
realnetworks realplayer 10.5_6.0.12.1348
realnetworks realplayer 10.5_6.0.12.1040
realnetworks realplayer 8.0
realnetworks realplayer 10.5_6.0.12.1053
realnetworks realone_player 1.0
realnetworks realone_player 2.0
realnetworks realplayer 10.5_6.0.12.1056
realnetworks realplayer *
realnetworks realplayer 10.5_6.0.12.1069
CVE-2006-3276 HIGH

Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the "parsing of HTTP URL schemes".

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks helix_dna_server 10.0
realnetworks helix_dna_server 11.0
CVE-2007-6224 MEDIUM

The RealNetworks RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll, as shipped with RealPlayer 11, allows remote attackers to cause a denial of service (browser crash) via a certain argument to the GetSourceTransport method.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
realnetworks realplayer 11.0
CVE-2007-6235 MEDIUM

A certain ActiveX control in RealNetworks RealPlayer 11 allows remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error. NOTE: this might be related to CVE-2007-4904.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
realnetworks realplayer 11
CVE-2009-4241 HIGH

Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer 10.1
realnetworks realplayer 10.0
realnetworks realplayer 11.0.5
realnetworks helix_player 10.0
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks helix_player 11.0.1
realnetworks realplayer 11.0.1
realnetworks realplayer 11.0.0
realnetworks realplayer 11.0
realnetworks realplayer_enterprise *
realnetworks realplayer 10.5
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
realnetworks helix_player 11.0.0
CVE-2009-4242 HIGH

Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer 10.1
realnetworks realplayer 10.0
realnetworks realplayer 11.0.5
realnetworks helix_player 10.0
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks helix_player 11.0.1
realnetworks realplayer 11.0.1
realnetworks realplayer 11.0.0
realnetworks realplayer 11.0
realnetworks realplayer_enterprise *
realnetworks realplayer 10.5
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
realnetworks helix_player 11.0.0
CVE-2009-4243 HIGH

RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to have an unspecified impact via a crafted media file that uses HTTP chunked transfer coding, related to an "overflow."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer 10.1
realnetworks realplayer 10.0
realnetworks realplayer 11.0.5
realnetworks helix_player 10.0
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks helix_player 11.0.1
realnetworks realplayer 11.0.1
realnetworks realplayer 11.0.0
realnetworks realplayer 11.0
realnetworks realplayer_enterprise *
realnetworks realplayer 10.5
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
realnetworks helix_player 11.0.0
CVE-2009-4244 HIGH

Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer 10.1
realnetworks realplayer 10.0
realnetworks realplayer 11.0.5
realnetworks helix_player 10.0
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks helix_player 11.0.1
realnetworks realplayer 11.0.1
realnetworks realplayer 11.0.0
realnetworks realplayer 11.0
realnetworks realplayer_enterprise *
realnetworks realplayer 10.5
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
realnetworks helix_player 11.0.0
CVE-2009-4245 HIGH

Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer 10.1
realnetworks realplayer 10.0
realnetworks realplayer 11.0.5
realnetworks helix_player 10.0
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks helix_player 11.0.1
realnetworks realplayer 11.0.1
realnetworks realplayer 11.0.0
realnetworks realplayer 11.0
realnetworks realplayer_enterprise *
realnetworks realplayer 10.5
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
realnetworks helix_player 11.0.0
CVE-2009-4246 HIGH

Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file that contains a web.xmb file with crafted length values.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer 10.1
realnetworks realplayer 10.0
realnetworks realplayer 11.0.5
realnetworks helix_player 10.0
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks helix_player 11.0.1
realnetworks realplayer 11.0.1
realnetworks realplayer 11.0.0
realnetworks realplayer 11.0
realnetworks realplayer_enterprise *
realnetworks realplayer 10.5
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
realnetworks helix_player 11.0.0
CVE-2009-4247 HIGH

Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x, 11.0.0, and 11.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an ASM RuleBook with a large number of rules, related to an "array overflow."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer 10.1
realnetworks realplayer 10.0
realnetworks realplayer 11.0.5
realnetworks helix_player 10.0
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks helix_player 11.0.1
realnetworks realplayer 11.0.1
realnetworks realplayer 11.0.0
realnetworks realplayer 11.0
realnetworks realplayer_enterprise *
realnetworks realplayer 10.5
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
realnetworks helix_player 11.0.0
CVE-2009-4248 HIGH

Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer 10.1
realnetworks realplayer 10.0
realnetworks realplayer 11.0.5
realnetworks helix_player 10.0
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks helix_player 11.0.1
realnetworks realplayer 11.0.1
realnetworks realplayer 11.0.0
realnetworks realplayer 11.0
realnetworks realplayer_enterprise *
realnetworks realplayer 10.5
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
realnetworks helix_player 11.0.0
CVE-2009-4257 HIGH

Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer 10.1
realnetworks realplayer 10.0
realnetworks realplayer 11.0.5
realnetworks helix_player 10.0
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks helix_player 11.0.1
realnetworks realplayer 11.0.1
realnetworks realplayer 11.0.0
realnetworks realplayer 11.0
realnetworks realplayer_enterprise *
realnetworks realplayer 10.5
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
realnetworks helix_player 11.0.0
CVE-2010-0116 HIGH

Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows might allow remote attackers to execute arbitrary code via a crafted QCP file that triggers a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.4
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer_sp 1.0.0
realnetworks realplayer_sp 1.1.2
CVE-2010-0117 HIGH

RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.4
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer_sp 1.0.0
realnetworks realplayer_sp 1.1.2
CVE-2010-0120 HIGH

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allows remote attackers to execute arbitrary code via large size values in QCP audio content.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.4
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer_sp 1.0.0
realnetworks realplayer_sp 1.1.2
CVE-2010-0121 HIGH

The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 does not properly perform initialization, which has unspecified impact and attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer 12.0.0.1444
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
realnetworks realplayer_sp 1.1.5
CVE-2010-0125 HIGH

RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 do not properly parse spectral data in AAC files, which has unspecified impact and remote attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer 2.1.2
realnetworks realplayer 12.0.0.1444
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
CVE-2010-0416 HIGH

Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer *
realnetworks helix_player 1.0.6
CVE-2010-0417 MEDIUM

Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer *
realnetworks helix_player 1.0.6
CVE-2010-1317 HIGH

Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks helix_server_mobile 13.0.0
realnetworks helix_dna_server 11.1.2
realnetworks helix_dna_server 11.1.3
realnetworks helix_server 13.0.0
realnetworks helix_server_mobile 12.0.0
realnetworks helix_server 11.1
realnetworks helix_dna_server 11.0
realnetworks helix_server 11.0
realnetworks helix_dna_server 13.0
realnetworks helix_dna_server 11.1
realnetworks helix_server_mobile 11.0
realnetworks helix_dna_server 12.0
realnetworks helix_server 12.0.0
CVE-2010-1318 HIGH

Stack-based buffer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks helix_server 11.0
realnetworks helix_server_mobile 13.0.0
realnetworks helix_server *
realnetworks helix_server_mobile 11.0
realnetworks helix_server 12.0.1
realnetworks helix_mobile_server *
realnetworks helix_server 12.0.0
realnetworks helix_server_mobile 12.0.0
realnetworks helix_server 11.1
CVE-2010-1319 HIGH

Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via a request with a crafted payload length.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
realnetworks helix_server 11.0
realnetworks helix_server_mobile 13.0.0
realnetworks helix_server *
realnetworks helix_server_mobile 11.0
realnetworks helix_server 12.0.1
realnetworks helix_mobile_server *
realnetworks helix_server 12.0.0
realnetworks helix_server_mobile 12.0.0
realnetworks helix_server 11.1
CVE-2010-2578 HIGH

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via a crafted QCP file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer 2.1.2
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
CVE-2010-2579 MEDIUM

The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 does not properly initialize the number of channels, which allows attackers to obtain unspecified "memory access" via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
CVE-2010-2996 HIGH

Array index error in RealNetworks RealPlayer 11.0 through 11.1 on Windows allows remote attackers to execute arbitrary code via a malformed header in a RealMedia .IVR file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
realnetworks realplayer 11.1
realnetworks realplayer 11.0
CVE-2010-2997 HIGH

Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.0.1, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted StreamTitle tag in an ICY SHOUTcast stream, related to the SMIL file format.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
realnetworks realplayer 11.1
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.0.0
CVE-2010-2998 HIGH

Array index error in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.0.1 allows remote attackers to execute arbitrary code via malformed sample data in a RealMedia .IVR file, related to a "malformed IVR pointer index" issue.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
realnetworks realplayer 11.1
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.0.0
CVE-2010-2999 HIGH

Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.0.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed MLLT atom in an AAC file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
realnetworks realplayer 11.1
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.0.0
CVE-2010-3000 HIGH

Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.4
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer_sp 1.0.0
realnetworks realplayer_sp 1.1.2
CVE-2010-3001 HIGH

Unspecified vulnerability in an ActiveX control in the Internet Explorer (IE) plugin in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows has unknown impact and attack vectors related to "multiple browser windows."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.4
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer_sp 1.0.0
realnetworks realplayer_sp 1.1.2
CVE-2010-3002 HIGH

Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
realnetworks realplayer 11.1
realnetworks realplayer 11.0
CVE-2010-3747 HIGH

An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during parsing of a CDDA URI, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and application crash) via a long URI.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer 2.1.2
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
CVE-2010-3748 HIGH

Stack-based buffer overflow in the RichFX component in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer 2.1.2
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
CVE-2010-3749 HIGH

The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a " (double quote) in an argument to the RecordClip method, aka "parameter injection."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
CVE-2010-3750 HIGH

rjrmrpln.dll in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly validate file contents that are used during interaction with a heap buffer, which allows remote attackers to execute arbitrary code via crafted Name Value Property (NVP) elements in logical streams in a media file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer 2.1.2
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
CVE-2010-3751 HIGH

Multiple heap-based buffer overflows in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 allow remote attackers to execute arbitrary code via a long .smil argument to the (1) tfile, (2) pnmm, or (3) cdda protocol handler.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
CVE-2010-4235 HIGH

Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-134,

Products Affected

Vendor Product Version
realnetworks helix_server 14.0.0
realnetworks helix_server 14.0.1
realnetworks helix_server 12.0.1
realnetworks helix_server 13.1.1
realnetworks helix_mobile_server 13.1.1
realnetworks helix_mobile_server 14.0.1
realnetworks helix_server 12.0.0
realnetworks helix_server 13.0.0
realnetworks helix_mobile_server 12.0
realnetworks helix_mobile_server 14.0.0
CVE-2010-4375 HIGH

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via malformed multi-rate data in an audio stream.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer 11.1
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0
realnetworks realplayer 11.0.2
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer 11.0.1
CVE-2010-4376 HIGH

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a large Screen Width value in the Screen Descriptor header of a GIF87a file in an RTSP stream.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
CVE-2010-4377 HIGH

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code by specifying many subbands in cook audio codec information in a Real Audio file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer 12.0.0.1444
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
realnetworks realplayer_sp 1.1.5
CVE-2010-4378 HIGH

The drv2.dll (aka RV20 decompression) module in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.1.2 and 2.1.3, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted value of an unspecified length field in an RV20 video stream.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 2.1.3
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer 2.1.2
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
realnetworks realplayer_sp 1.1.5
CVE-2010-4379 HIGH

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to have an unspecified impact via a crafted SIPR file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer 2.1.2
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
CVE-2010-4380 HIGH

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via a crafted SOUND file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer 2.1.2
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
CVE-2010-4381 HIGH

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 allows remote attackers to have an unspecified impact via a crafted AAC file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer 2.1.2
realnetworks realplayer 12.0.0.1444
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
CVE-2010-4382 HIGH

Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allow remote attackers to have an unspecified impact via a crafted RealMedia file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer 2.1.2
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
CVE-2010-4383 HIGH

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 12.0.0.1444, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to have an unspecified impact via a crafted RA5 file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer 2.1.2
realnetworks realplayer 12.0.0.1444
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
CVE-2010-4384 HIGH

Array index error in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via a malformed Media Properties Header (aka MDPR) in a RealMedia file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
realnetworks realplayer 11.1
realnetworks realplayer 2.1.2
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0
realnetworks realplayer 11.0.2
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer 11.0.1
CVE-2010-4385 HIGH

Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to have an unspecified impact via crafted frame dimensions in an SIPR stream.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer 2.1.2
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
CVE-2010-4386 HIGH

RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted RealMedia video file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
CVE-2010-4387 HIGH

The RealAudio codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted audio stream in a RealMedia file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer 12.0.0.1444
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
CVE-2010-4388 MEDIUM

The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.5
realnetworks realplayer 2.1.3
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer 2.1.2
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
realnetworks realplayer_sp 1.1.5
CVE-2010-4389 HIGH

Heap-based buffer overflow in the cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via unspecified data in the initialization buffer.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
realnetworks realplayer_sp 1.1.5
CVE-2010-4390 HIGH

Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allow remote attackers to have an unspecified impact via a crafted header in an IVR file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
realnetworks realplayer_sp 1.1.5
CVE-2010-4391 HIGH

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allows remote attackers to execute arbitrary code via a crafted value in an unspecified header field in an RMX file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.5
realnetworks realplayer 2.1.3
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer 2.1.2
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
realnetworks realplayer_sp 1.1.5
CVE-2010-4392 HIGH

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.1.2 and 2.1.3, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via crafted ImageMap data in a RealMedia file, related to certain improper integer calculations.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 2.1.3
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer 2.1.2
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
realnetworks realplayer_sp 1.1.5
CVE-2010-4393 HIGH

Heap-based buffer overflow in vidplin.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.x before 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted header in an AVI file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer_sp 1.0.2
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 14.0.1
realnetworks realplayer_sp 1.0.0
realnetworks realplayer_sp 1.1.5
CVE-2010-4394 HIGH

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.5 allows remote web servers to execute arbitrary code via a long Server header in a response to an HTTP request that occurs during parsing of a RealPix file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
realnetworks realplayer_sp 1.1.5
CVE-2010-4395 HIGH

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a crafted conditional component in AAC frame data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
realnetworks realplayer_sp 1.1.5
CVE-2010-4396 MEDIUM

Cross-zone scripting vulnerability in the HandleAction method in a certain ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 allows remote attackers to inject arbitrary web script or HTML in the Local Zone by specifying a local file in a NavigateToURL action, as demonstrated by a local skin file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer 2.1.2
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
realnetworks realplayer_sp 1.1.5
CVE-2010-4397 HIGH

Integer overflow in the pnen3260.dll module in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a crafted TIT2 atom in an AAC file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 11.0.3
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.0.0
CVE-2010-4596 HIGH

Stack-based buffer overflow in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via a long string in an RTSP request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks helix_server 14.0.0
realnetworks helix_server 14.0.1
realnetworks helix_server 12.0.1
realnetworks helix_server 13.1.1
realnetworks helix_mobile_server 13.1.1
realnetworks helix_mobile_server 14.0.1
realnetworks helix_server 12.0.0
realnetworks helix_server 13.0.0
realnetworks helix_mobile_server 12.0
realnetworks helix_mobile_server 14.0.0
CVE-2011-0694 HIGH

RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and 14.0.0 through 14.0.1, and Enterprise 2.0 through 2.1.4, uses predictable names for temporary files, which allows remote attackers to conduct cross-domain scripting attacks and execute arbitrary code via the OpenURLinPlayerBrowser function.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 2.1.3
realnetworks realplayer 2.0
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 2.1.4
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer_sp 1.0.2
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer 2.1.2
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 2.1
realnetworks realplayer 14.0.1
realnetworks realplayer_sp 1.0.0
realnetworks realplayer_sp 1.1.5
CVE-2011-1221 MEDIUM

Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document, a different vulnerability than CVE-2011-2947.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 14.0.2
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.1
realnetworks realplayer 2.1.2
realnetworks realplayer_sp 1.1.1
realnetworks realplayer_sp 1.1.5
realnetworks realplayer 14.0.5
realnetworks realplayer 2.1.3
realnetworks realplayer 14.0.4
realnetworks realplayer 2.0
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 2.1.4
realnetworks realplayer 2.1.5
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.0
realnetworks realplayer 2.1
realnetworks realplayer 14.0.1
realnetworks realplayer_sp 1.0.0
CVE-2011-1426 HIGH

The OpenURLInDefaultBrowser method in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, launches a default handler for the filename specified in the first argument, which allows remote attackers to execute arbitrary code via a .rnx filename corresponding to a crafted RNX file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 14.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer_sp 1.0.2
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 14.0.1
realnetworks realplayer_sp 1.0.0
realnetworks realplayer_sp 1.1.5
CVE-2011-1525 HIGH

Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted frame in an Internet Video Recording (IVR) file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.0
realnetworks realplayer 11.0.1
realnetworks realplayer 4
realnetworks realplayer 11.1
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer 6
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
CVE-2011-2945 HIGH

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted SIPR stream.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 14.0.4
realnetworks realplayer 14.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer_sp 1.0.2
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 14.0.1
realnetworks realplayer_sp 1.0.0
realnetworks realplayer_sp 1.1.5
realnetworks realplayer 14.0.5
CVE-2011-2946 HIGH

Unspecified vulnerability in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 2.1.3
realnetworks realplayer 14.0.4
realnetworks realplayer 2.0
realnetworks realplayer 14.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 2.1.4
realnetworks realplayer 2.1.5
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer_sp 1.0.2
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer 2.1.2
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 14.0.1
realnetworks realplayer_sp 1.0.0
realnetworks realplayer_sp 1.1.5
realnetworks realplayer 14.0.5
CVE-2011-2947 MEDIUM

Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 14.0.4
realnetworks realplayer 14.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer_sp 1.0.2
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 14.0.1
realnetworks realplayer_sp 1.0.0
realnetworks realplayer_sp 1.1.5
realnetworks realplayer 14.0.5
CVE-2011-2948 HIGH

RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.0 through 2.1.5, and Mac RealPlayer 12.0.0.1569 do not properly handle DEFINEFONT fields in SWF files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 14.0.2
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.1
realnetworks realplayer 2.1.2
realnetworks realplayer_sp 1.1.1
realnetworks realplayer_sp 1.1.5
realnetworks realplayer 14.0.5
realnetworks realplayer 12.0.0.1569
realnetworks realplayer 2.1.3
realnetworks realplayer 14.0.4
realnetworks realplayer 2.0
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 2.1.4
realnetworks realplayer 2.1.5
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.0
realnetworks realplayer 14.0.1
realnetworks realplayer_sp 1.0.0
CVE-2011-2949 HIGH

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via crafted ID3v2 tags in an MP3 file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 2.1.3
realnetworks realplayer 14.0.4
realnetworks realplayer 2.0
realnetworks realplayer 14.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 2.1.4
realnetworks realplayer 2.1.5
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer_sp 1.0.2
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer 2.1.2
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 14.0.1
realnetworks realplayer_sp 1.0.0
realnetworks realplayer_sp 1.1.5
realnetworks realplayer 14.0.5
CVE-2011-2950 HIGH

Heap-based buffer overflow in qcpfformat.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted QCP file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 14.0.4
realnetworks realplayer 14.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer_sp 1.0.2
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 14.0.1
realnetworks realplayer_sp 1.0.0
realnetworks realplayer_sp 1.1.5
realnetworks realplayer 14.0.5
CVE-2011-2951 HIGH

Buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.0.0.1569 allows remote attackers to execute arbitrary code via a crafted raw_data_frame field in an AAC file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer 12.0.0.1569
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 14.0.4
realnetworks realplayer 14.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer_sp 1.0.2
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 14.0.1
realnetworks realplayer_sp 1.0.0
realnetworks realplayer_sp 1.1.5
realnetworks realplayer 14.0.5
CVE-2011-2952 HIGH

Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via vectors related to a dialog box.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 14.0.2
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.1
realnetworks realplayer 2.1.2
realnetworks realplayer_sp 1.1.1
realnetworks realplayer_sp 1.1.5
realnetworks realplayer 14.0.5
realnetworks realplayer 2.1.3
realnetworks realplayer 14.0.4
realnetworks realplayer 2.0
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 2.1.4
realnetworks realplayer 2.1.5
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.0
realnetworks realplayer 2.1
realnetworks realplayer 14.0.1
realnetworks realplayer_sp 1.0.0
CVE-2011-2953 HIGH

An unspecified ActiveX control in the browser plugin in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors, related to an out-of-bounds condition.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 14.0.2
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.1
realnetworks realplayer 2.1.2
realnetworks realplayer_sp 1.1.1
realnetworks realplayer_sp 1.1.5
realnetworks realplayer 14.0.5
realnetworks realplayer 2.1.3
realnetworks realplayer 14.0.4
realnetworks realplayer 2.0
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 2.1.4
realnetworks realplayer 2.1.5
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.0
realnetworks realplayer 2.1
realnetworks realplayer 14.0.1
realnetworks realplayer_sp 1.0.0
CVE-2011-2954 HIGH

Use-after-free vulnerability in the AutoUpdate feature in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 14.0.4
realnetworks realplayer 14.0.2
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer_sp 1.0.2
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0
realnetworks realplayer 14.0.1
realnetworks realplayer_sp 1.0.0
realnetworks realplayer_sp 1.1.5
realnetworks realplayer 14.0.5
CVE-2011-2955 HIGH

Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via vectors related to a modal dialog.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 14.0.2
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.1
realnetworks realplayer 2.1.2
realnetworks realplayer_sp 1.1.1
realnetworks realplayer_sp 1.1.5
realnetworks realplayer 14.0.5
realnetworks realplayer 2.1.3
realnetworks realplayer 14.0.4
realnetworks realplayer 2.0
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 2.1.4
realnetworks realplayer 2.1.5
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11.0
realnetworks realplayer 2.1
realnetworks realplayer 14.0.1
realnetworks realplayer_sp 1.0.0
CVE-2011-4244 HIGH

Heap-based buffer overflow in the RealVideo renderer in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer 14.0.0
realnetworks realplayer 11.0.1
realnetworks realplayer 4
realnetworks realplayer 11.1
realnetworks realplayer 14.0.6
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer 14.0.5
realnetworks realplayer 6
realnetworks realplayer 14.0.1.633
realnetworks realplayer 14.0.4
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
CVE-2011-4245 HIGH

The RealVideo renderer in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realplayer 10.0.0.331
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer 14.0.0
realnetworks realplayer 11.0.1
realnetworks realplayer 8.0
realnetworks realplayer 4
realnetworks realplayer 11.1
realnetworks realplayer 14.0.6
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer 14.0.5
realnetworks realplayer 12.0.0.1569
realnetworks realplayer 10.1
realnetworks realplayer 10.0.0.305
realnetworks realplayer 6
realnetworks realplayer 14.0.1.633
realnetworks realplayer 14.0.4
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
realnetworks realplayer 7.0
CVE-2011-4246 HIGH

The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realplayer 10.0.0.331
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer 14.0.0
realnetworks realplayer 11.0.1
realnetworks realplayer 8.0
realnetworks realplayer 4
realnetworks realplayer 11.1
realnetworks realplayer 14.0.6
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer 14.0.5
realnetworks realplayer 12.0.0.1569
realnetworks realplayer 10.1
realnetworks realplayer 10.0.0.305
realnetworks realplayer 6
realnetworks realplayer 14.0.1.633
realnetworks realplayer 14.0.4
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
realnetworks realplayer 7.0
CVE-2011-4247 HIGH

RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted QCELP stream.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer 14.0.0
realnetworks realplayer 11.0.1
realnetworks realplayer 4
realnetworks realplayer 11.1
realnetworks realplayer 14.0.6
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer 14.0.5
realnetworks realplayer 6
realnetworks realplayer 14.0.1.633
realnetworks realplayer 14.0.4
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
CVE-2011-4248 HIGH

RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed AAC file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer 14.0.0
realnetworks realplayer 11.0.1
realnetworks realplayer 4
realnetworks realplayer 11.1
realnetworks realplayer 14.0.6
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer 14.0.5
realnetworks realplayer 6
realnetworks realplayer 14.0.1.633
realnetworks realplayer 14.0.4
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
CVE-2011-4249 HIGH

Array index error in the RV30 codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer 14.0.0
realnetworks realplayer 11.0.1
realnetworks realplayer 4
realnetworks realplayer 11.1
realnetworks realplayer 14.0.6
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer 14.0.5
realnetworks realplayer 6
realnetworks realplayer 14.0.1.633
realnetworks realplayer 14.0.4
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
CVE-2011-4250 HIGH

Unspecified vulnerability in the ATRC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realplayer 10.0.0.331
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer 14.0.0
realnetworks realplayer 11.0.1
realnetworks realplayer 8.0
realnetworks realplayer 4
realnetworks realplayer 11.1
realnetworks realplayer 14.0.6
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer 14.0.5
realnetworks realplayer 12.0.0.1569
realnetworks realplayer 10.1
realnetworks realplayer 10.0.0.305
realnetworks realplayer 6
realnetworks realplayer 14.0.1.633
realnetworks realplayer 14.0.4
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
realnetworks realplayer 7.0
CVE-2011-4251 HIGH

RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted sample size in a RealAudio file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer 14.0.0
realnetworks realplayer 11.0.1
realnetworks realplayer 4
realnetworks realplayer 11.1
realnetworks realplayer 14.0.6
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer 14.0.5
realnetworks realplayer 6
realnetworks realplayer 14.0.1.633
realnetworks realplayer 14.0.4
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
CVE-2011-4252 HIGH

The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via a crafted sample height.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realplayer 10.0.0.331
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer 14.0.0
realnetworks realplayer 11.0.1
realnetworks realplayer 8.0
realnetworks realplayer 4
realnetworks realplayer 11.1
realnetworks realplayer 14.0.6
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer 14.0.5
realnetworks realplayer 12.0.0.1569
realnetworks realplayer 10.1
realnetworks realplayer 10.0.0.305
realnetworks realplayer 6
realnetworks realplayer 14.0.1.633
realnetworks realplayer 14.0.4
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
realnetworks realplayer 7.0
CVE-2011-4253 HIGH

Unspecified vulnerability in the RV20 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realplayer 10.0.0.331
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer 14.0.0
realnetworks realplayer 11.0.1
realnetworks realplayer 8.0
realnetworks realplayer 4
realnetworks realplayer 11.1
realnetworks realplayer 14.0.6
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer 14.0.5
realnetworks realplayer 12.0.0.1569
realnetworks realplayer 10.1
realnetworks realplayer 10.0.0.305
realnetworks realplayer 6
realnetworks realplayer 14.0.1.633
realnetworks realplayer 14.0.4
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
realnetworks realplayer 7.0
CVE-2011-4254 HIGH

RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted RTSP SETUP request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer 14.0.0
realnetworks realplayer 11.0.1
realnetworks realplayer 4
realnetworks realplayer 11.1
realnetworks realplayer 14.0.6
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer 14.0.5
realnetworks realplayer 6
realnetworks realplayer 14.0.1.633
realnetworks realplayer 14.0.4
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
CVE-2011-4255 HIGH

Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via an invalid codec name.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realplayer 10.0.0.331
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer 14.0.0
realnetworks realplayer 11.0.1
realnetworks realplayer 8.0
realnetworks realplayer 4
realnetworks realplayer 11.1
realnetworks realplayer 14.0.6
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer 14.0.5
realnetworks realplayer 12.0.0.1569
realnetworks realplayer 10.1
realnetworks realplayer 10.0.0.305
realnetworks realplayer 6
realnetworks realplayer 14.0.1.633
realnetworks realplayer 14.0.4
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
realnetworks realplayer 7.0
CVE-2011-4256 HIGH

The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realplayer 10.0.0.331
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer 14.0.0
realnetworks realplayer 11.0.1
realnetworks realplayer 8.0
realnetworks realplayer 4
realnetworks realplayer 11.1
realnetworks realplayer 14.0.6
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer 14.0.5
realnetworks realplayer 12.0.0.1569
realnetworks realplayer 10.1
realnetworks realplayer 10.0.0.305
realnetworks realplayer 6
realnetworks realplayer 14.0.1.633
realnetworks realplayer 14.0.4
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
realnetworks realplayer 7.0
CVE-2011-4257 HIGH

The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via crafted channel data.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer 14.0.0
realnetworks realplayer 11.0.1
realnetworks realplayer 4
realnetworks realplayer 11.1
realnetworks realplayer 14.0.6
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer 14.0.5
realnetworks realplayer 6
realnetworks realplayer 14.0.1.633
realnetworks realplayer 14.0.4
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
CVE-2011-4258 HIGH

RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted length of an MLTI chunk in an IVR file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer 14.0.0
realnetworks realplayer 11.0.1
realnetworks realplayer 4
realnetworks realplayer 11.1
realnetworks realplayer 14.0.6
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer 14.0.5
realnetworks realplayer 6
realnetworks realplayer 14.0.1.633
realnetworks realplayer 14.0.4
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
CVE-2011-4259 HIGH

Integer underflow in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted width value in an MPG file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer 14.0.0
realnetworks realplayer 11.0.1
realnetworks realplayer 4
realnetworks realplayer 11.1
realnetworks realplayer 14.0.6
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer 14.0.5
realnetworks realplayer 6
realnetworks realplayer 14.0.1.633
realnetworks realplayer 14.0.4
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
CVE-2011-4260 HIGH

RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer 14.0.0
realnetworks realplayer 11.0.1
realnetworks realplayer 4
realnetworks realplayer 11.1
realnetworks realplayer 14.0.6
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer 14.0.5
realnetworks realplayer 6
realnetworks realplayer 14.0.1.633
realnetworks realplayer 14.0.4
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
CVE-2011-4261 HIGH

RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted video dimensions in an MP4 file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer 14.0.0
realnetworks realplayer 11.0.1
realnetworks realplayer 4
realnetworks realplayer 11.1
realnetworks realplayer 14.0.6
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer 14.0.5
realnetworks realplayer 6
realnetworks realplayer 14.0.1.633
realnetworks realplayer 14.0.4
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
CVE-2011-4262 HIGH

Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted MP4 file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer 14.0.0
realnetworks realplayer 11.0.1
realnetworks realplayer 4
realnetworks realplayer 11.1
realnetworks realplayer 14.0.6
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer 14.0.5
realnetworks realplayer 6
realnetworks realplayer 14.0.1.633
realnetworks realplayer 14.0.4
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
CVE-2012-0922 HIGH

rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via crafted flags in an RMFF file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer 14.0.7
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 15.0.0
realnetworks realplayer 14.0.6
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.1.5
realnetworks realplayer 14.0.5
realnetworks realplayer 15.0.1.13
realnetworks realplayer 14.0.1.633
realnetworks realplayer 14.0.4
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 14.0.1.609
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 11.0
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
realnetworks realplayer_sp 1.0.0
CVE-2012-0923 HIGH

The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle the frame size array, which allows remote attackers to execute arbitrary code via a crafted RV20 RealVideo video stream.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer 14.0.7
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 15.0.0
realnetworks realplayer 14.0.6
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.1.5
realnetworks realplayer 14.0.5
realnetworks realplayer 15.0.1.13
realnetworks realplayer 14.0.1.633
realnetworks realplayer 14.0.4
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 14.0.1.609
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 11.0
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
realnetworks realplayer_sp 1.0.0
CVE-2012-0924 HIGH

RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving a VIDOBJ_START_CODE code in a header within a video stream.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer 14.0.7
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 15.0.0
realnetworks realplayer 14.0.6
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.1.5
realnetworks realplayer 14.0.5
realnetworks realplayer 15.0.1.13
realnetworks realplayer 14.0.1.633
realnetworks realplayer 14.0.4
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 14.0.1.609
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 11.0
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
realnetworks realplayer_sp 1.0.0
CVE-2012-0925 HIGH

Unspecified vulnerability in the RV40 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RV40 RealVideo video stream.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer 14.0.7
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 15.0.0
realnetworks realplayer 14.0.6
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.1.5
realnetworks realplayer 14.0.5
realnetworks realplayer 15.0.1.13
realnetworks realplayer 14.0.1.633
realnetworks realplayer 14.0.4
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 14.0.1.609
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 11.0
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
realnetworks realplayer_sp 1.0.0
CVE-2012-0926 HIGH

The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer 14.0.7
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 15.0.0
realnetworks realplayer 14.0.6
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.1.5
realnetworks realplayer 14.0.5
realnetworks realplayer 15.0.1.13
realnetworks realplayer 14.0.1.633
realnetworks realplayer 14.0.4
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 14.0.1.609
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 11.0
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
realnetworks realplayer_sp 1.0.0
CVE-2012-0927 HIGH

Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving the coded_frame_size value in a RealAudio audio stream.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer 14.0.7
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 15.0.0
realnetworks realplayer 14.0.6
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.1.5
realnetworks realplayer 14.0.5
realnetworks realplayer 15.0.1.13
realnetworks realplayer 14.0.1.633
realnetworks realplayer 14.0.4
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 14.0.1.609
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 11.0
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
realnetworks realplayer_sp 1.0.0
CVE-2012-0928 HIGH

The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows remote attackers to execute arbitrary code via a crafted ATRAC audio file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer 14.0.7
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 12.0.0.1701
realnetworks realplayer 14.0.6
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.1.5
realnetworks realplayer 14.0.5
realnetworks realplayer 12.0.0.1569
realnetworks realplayer 14.0.1.633
realnetworks realplayer 14.0.4
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 14.0.1.609
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 11.0
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
realnetworks realplayer_sp 1.0.0
CVE-2012-0942 HIGH

Buffer overflow in rn5auth.dll in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to execute arbitrary code via crafted authentication credentials.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks helix_server 14.0.0
realnetworks helix_server 14.0.1
realnetworks helix_server 14.2
realnetworks helix_server 14.2.0.212
realnetworks helix_mobile_server 14.0.1
realnetworks helix_mobile_server 14.0.0
CVE-2012-1904 MEDIUM

mp4fformat.dll in the QuickTime File Format plugin in RealNetworks RealPlayer 15 and earlier, and RealPlayer SP 1.1.4 Build 12.0.0.756 and earlier, allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP4 file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer 10.0
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer 4
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer 14.0.5
realnetworks realplayer 6
realnetworks realplayer 14.0.4
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 14.0.1
realnetworks realplayer_sp *
realnetworks realplayer 11.0.3
realnetworks realplayer_sp 1.0.0
CVE-2012-1923 LOW

RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x store passwords in cleartext under adm_b_db\users\, which allows local users to obtain sensitive information by reading a database.

CVSS 2.0

Severity: LOW

Problem Type: CWE-310,

Products Affected

Vendor Product Version
realnetworks helix_server 14.0.0
realnetworks helix_server 14.0.1
realnetworks helix_server 14.2
realnetworks helix_server 14.2.0.212
realnetworks helix_mobile_server 14.0.1
realnetworks helix_mobile_server 14.0.0
CVE-2012-1984 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
realnetworks helix_server 14.0.0
realnetworks helix_server 14.0.1
realnetworks helix_server 14.2
realnetworks helix_server 14.2.0.212
realnetworks helix_mobile_server 14.0.1
realnetworks helix_mobile_server 14.0.0
CVE-2012-1985 MEDIUM

Cross-site request forgery (CSRF) vulnerability in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to hijack the authentication of administrators for requests that cause a denial of service (stack consumption and daemon crash) via a malformed URL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
realnetworks helix_server 14.0.0
realnetworks helix_server 14.0.1
realnetworks helix_server 14.2
realnetworks helix_server 14.2.0.212
realnetworks helix_mobile_server 14.0.1
realnetworks helix_mobile_server 14.0.0
CVE-2012-2267 MEDIUM

master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (daemon crash) by establishing and closing a port-705 TCP connection, a different vulnerability than CVE-2012-1923.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
realnetworks helix_server 14.0.0
realnetworks helix_server 14.0.1
realnetworks helix_server 14.2
realnetworks helix_server 14.2.0.212
realnetworks helix_mobile_server 14.0.1
realnetworks helix_mobile_server 14.0.0
CVE-2012-2268 MEDIUM

master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted Open-PDU request that triggers incorrect DisplayString processing, a different vulnerability than CVE-2012-1923.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
realnetworks helix_server 14.0.0
realnetworks helix_server 14.0.1
realnetworks helix_server 14.2
realnetworks helix_server 14.2.0.212
realnetworks helix_mobile_server 14.0.1
realnetworks helix_mobile_server 14.0.0
CVE-2012-2406 HIGH

RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, does not properly parse ASMRuleBook data in RealMedia files, which allows remote attackers to execute arbitrary code via a crafted file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer 15.02.71
realnetworks realplayer 10.0
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer 4
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 15.0.0
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer_sp 1.1.5
realnetworks realplayer 14.0.5
realnetworks realplayer 15.0.1.13
realnetworks realplayer 6
realnetworks realplayer 14.0.4
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
realnetworks realplayer_sp 1.0.0
CVE-2012-2411 HIGH

Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RealJukebox Media file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer 15.02.71
realnetworks realplayer 10.0
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer 4
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 15.0.0
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer_sp 1.1.5
realnetworks realplayer 14.0.5
realnetworks realplayer 15.0.1.13
realnetworks realplayer 6
realnetworks realplayer 14.0.4
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
realnetworks realplayer_sp 1.0.0
CVE-2012-5690 HIGH

RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allow remote attackers to execute arbitrary code via a RealAudio file that triggers access to an invalid pointer.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer 15.02.71
realnetworks realplayer 10.0
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer 15.0.4
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer 4
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 15.0.6.14
realnetworks realplayer 15.0.0
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer_sp 1.1.5
realnetworks realplayer 14.0.5
realnetworks realplayer 6
realnetworks realplayer 14.0.4
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 15.0.5.109
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
realnetworks realplayer_sp 1.0.0
realnetworks realplayer 15.0.4.43
CVE-2012-5691 HIGH

Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted RealMedia file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer 15.02.71
realnetworks realplayer 10.0
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer 15.0.4
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.0.1
realnetworks realplayer 4
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 15.0.6.14
realnetworks realplayer 15.0.0
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer_sp 1.1.5
realnetworks realplayer 14.0.5
realnetworks realplayer 6
realnetworks realplayer 14.0.4
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 15.0.5.109
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
realnetworks realplayer_sp 1.0.0
realnetworks realplayer 15.0.4.43
CVE-2013-1750 HIGH

Heap-based buffer overflow in RealNetworks RealPlayer before 16.0.1.18 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a malformed MP4 file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer 10.0
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 14.0.0
realnetworks realplayer 15.0.4
realnetworks realplayer 11.0.1
realnetworks realplayer 4
realnetworks realplayer 16.0.0
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 15.0.3.37
realnetworks realplayer 15.0.0
realnetworks realplayer *
realnetworks realplayer 14.0.5
realnetworks realplayer 14.0.4
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 10.5
realnetworks realplayer 15.0.4.43
realnetworks realplayer_sp 1.0.5
realnetworks realplayer 15.02.71
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 11.1
realnetworks realplayer 15.0.6.14
realnetworks realplayer 11.0.4
realnetworks realplayer_sp 1.1.5
realnetworks realplayer 15.0.1.13
realnetworks realplayer 6
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 11.0
realnetworks realplayer 15.0.2.72
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 15.0.5.109
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
realnetworks realplayer_sp 1.0.0
CVE-2013-2603 HIGH

The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcade Installer 2.6.0.481 performs unexpected type conversions for invalid parameter types, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted arguments to the (1) AddTag, (2) Ping, (3) QueuePause, (4) QueueRemove, (5) QueueTop, (6) RemoveTag, (7) TagRemoved, or (8) message method.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
realnetworks realarcade_installer 2.6.0.481
CVE-2013-2604 HIGH

RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses weak permissions (Create Files/Write Data) for the GameHouse Games directory tree, which allows local users to gain privileges via a Trojan horse DLL in an individual game's directory, as demonstrated by DDRAW.DLL in the Zuma Deluxe directory.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
realnetworks realarcade_installer 3.0.7
realnetworks realarcade_installer 2.6.0.481
CVE-2013-3299 MEDIUM

RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers to cause a denial of service (resource consumption or application crash) via an HTML document containing JavaScript code that constructs a long string.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
realnetworks realplayer 15.02.71
realnetworks realplayer 10.0
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer 14.0.0
realnetworks realplayer 15.0.4
realnetworks realplayer 16.0.0.282
realnetworks realplayer 11.0.1
realnetworks realplayer 4
realnetworks realplayer 16.0.0
realnetworks realplayer 11.1
realnetworks realplayer 15.0.6.14
realnetworks realplayer 15.0.3.37
realnetworks realplayer 15.0.0
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer 14.0.5
realnetworks realplayer 15.0.1.13
realnetworks realplayer 6
realnetworks realplayer 14.0.4
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 15.0.2.72
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 15.0.5.109
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
realnetworks realplayer 15.0.4.43
CVE-2013-4973 HIGH

Stack-based buffer overflow in RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted .rmp file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer 15.02.71
realnetworks realplayer 10.0
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer 15.0.4
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 16.0.0.282
realnetworks realplayer 11.0.1
realnetworks realplayer 16.0.0
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 15.0.6.14
realnetworks realplayer 15.0.0
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer_sp 1.1.5
realnetworks realplayer 14.0.5
realnetworks realplayer 14.0.4
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 14.0.1.609
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 15.0.5.109
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
realnetworks realplayer_sp 1.0.0
realnetworks realplayer 16.0.1.18
realnetworks realplayer 15.0.4.43
CVE-2013-4974 HIGH

RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed RealMedia file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer_sp 1.0.5
realnetworks realplayer 15.02.71
realnetworks realplayer 10.0
realnetworks realplayer_sp 1.1.4
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer_sp 1.1
realnetworks realplayer 14.0.0
realnetworks realplayer 15.0.4
realnetworks realplayer_sp 1.0.2
realnetworks realplayer 16.0.0.282
realnetworks realplayer 11.0.1
realnetworks realplayer 16.0.0
realnetworks realplayer 11.1
realnetworks realplayer_sp 1.1.1
realnetworks realplayer 15.0.6.14
realnetworks realplayer 15.0.0
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer_sp 1.1.5
realnetworks realplayer 14.0.5
realnetworks realplayer 14.0.4
realnetworks realplayer_sp 1.0.1
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 14.0.1.609
realnetworks realplayer_sp 1.1.2
realnetworks realplayer_sp 1.1.3
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 15.0.5.109
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
realnetworks realplayer_sp 1.0.0
realnetworks realplayer 16.0.1.18
realnetworks realplayer 15.0.4.43
CVE-2013-6877 HIGH

Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allows remote attackers to execute arbitrary code via a long string in the TRACKID element of an RMP file, a different vulnerability than CVE-2013-7260.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer 16.0.2.32
realnetworks realplayer 16.0.3.51
CVE-2013-7260 HIGH

Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer 15.02.71
realnetworks realplayer 10.0
realnetworks realplayer 11.0.2.1744
realnetworks realplayer 11.0.5
realnetworks realplayer 11.0.2
realnetworks realplayer 14.0.2
realnetworks realplayer 7
realnetworks realplayer 8
realnetworks realplayer 11.1.3
realnetworks realplayer 14.0.3
realnetworks realplayer 14.0.0
realnetworks realplayer 15.0.4
realnetworks realplayer 16.0.0.282
realnetworks realplayer 11.0.1
realnetworks realplayer 4
realnetworks realplayer 16.0.0
realnetworks realplayer 11.1
realnetworks realplayer 2.1.2
realnetworks realplayer 12.0.0.1701
realnetworks realplayer 15.0.6.14
realnetworks realplayer 15.0.0
realnetworks realplayer 11.0.4
realnetworks realplayer *
realnetworks realplayer 14.0.5
realnetworks realplayer 10.1
realnetworks realplayer 2.1.3
realnetworks realplayer 6
realnetworks realplayer 14.0.4
realnetworks realplayer 16.0.3.51
realnetworks realplayer 2.1.4
realnetworks realplayer 11.0.2.2315
realnetworks realplayer 5
realnetworks realplayer 14.0.1.609
realnetworks realplayer 16.0.2.32
realnetworks realplayer 11_build_6.0.14.748
realnetworks realplayer 12.0.0.1444
realnetworks realplayer 11.0
realnetworks realplayer 10.5
realnetworks realplayer 12.0.0.1548
realnetworks realplayer 15.0.5.109
realnetworks realplayer 12.0.1.1737
realnetworks realplayer 14.0.1
realnetworks realplayer 11.0.3
realnetworks realplayer 16.0.1.18
realnetworks realplayer 15.0.4.43
CVE-2014-3113 HIGH

Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 allow remote attackers to execute arbitrary code via a malformed (1) elst or (2) stsz atom in an MP4 file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realplayer *
realnetworks realplayer 17.0.4.60
CVE-2014-3444 HIGH

The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and application crash) via a malformed .3gp file.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
realnetworks realplayer 16.0.0
realnetworks realplayer 16.0.2.32
realnetworks realplayer 16.0.0.282
realnetworks realplayer 16.0.1.18
realnetworks realplayer *
CVE-2016-9018 MEDIUM

Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
realnetworks realplayer 18.1.5.705
CVE-2017-9302 MEDIUM

RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-369,

Products Affected

Vendor Product Version
realnetworks realplayer 16.0.2.32
CVE-2018-13121 MEDIUM

RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
realnetworks realone_player 2.0
CVE-2022-32269 HIGH

In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). This leads to arbitrary code execution.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-79,

Products Affected

Vendor Product Version
realnetworks realplayer 20.0.8.310
CVE-2022-32270 HIGH

In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
realnetworks realplayer 20.0.8.310
realnetworks realplayer 20.0.7.309
CVE-2022-32271 MEDIUM

In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary local files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.6 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 2.8 6.0

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
realnetworks realplayer 20.0.8.310
CVE-2022-32291 MEDIUM

In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
realnetworks realplayer *