Buffer overflow in RealNetworks RealServer administration utility allows remote attackers to execute arbitrary commands via a long username and password.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realserver_g2 | 1.0 |
pnserver in RealServer 5.0 and earlier allows remote attackers to cause a denial of service by sending a short, malformed request.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realserver | 5.0 |
RealSystem G2 server stores the administrator password in cleartext in a world-readable configuration file, which allows local users to gain privileges.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realsystem_g2_server | * |
Real Media RealServer (rmserver) 6.0.3.353 stores a password in plaintext in the world-readable rmserver.cfg file, which allows local users to gain privileges.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realserver | 6.0.3.353 |
RealMedia server allows remote attackers to cause a denial of service via a long ramgen request.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realserver | 5.0 |
RealMedia RealServer reveals the real IP address of a Real Server, even if the address is supposed to be private.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realserver_g2 | 1.0 |
| realnetworks | realserver | 5.0 |
| realnetworks | realserver | 7.0 |
RealNetworks RealServer allows remote attackers to cause a denial of service by sending malformed input to the server at port 7070.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realserver | basic |
| realnetworks | realserver | g2_1.0 |
| realnetworks | realserver | intranet |
| realnetworks | realserver | plus |
| realnetworks | realserver | pro |
| realnetworks | realserver | 7.0 |
Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to cause a denial of service via a long Location URL.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 7.0 |
| realnetworks | realplayer | 6.0 |
Real Networks RealServer 7.x allows remote attackers to cause a denial of service via a malformed request for a page in the viewsource directory.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realserver | 8.0_beta |
| realnetworks | realserver | 7.0 |
| realnetworks | realserver | 7.0.1 |
Real Networks RealServer 7 and earlier allows remote attackers to obtain portions of RealServer's memory contents, possibly including sensitive information, by accessing the /admin/includes/ URL.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realserver | 6.0 |
| realnetworks | realserver | 5.0 |
| realnetworks | realserver | 7.0 |
Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realone_player | * |
| realnetworks | realplayer_intranet | * |
| realnetworks | realplayer_intranet | 7.0 |
RealPlayer 8 allows remote attackers to cause a denial of service (CPU utilization) via malformed .mp3 files.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 8.0 |
Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. (dot dot) in an HTTP GET request to port 1275.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 6.0 |
Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realjukebox_2_plus | 1.0.2.379 |
| realnetworks | realjukebox_2_plus | 1.0.2.340 |
| realnetworks | realjukebox_2 | 1.0.2.379 |
| realnetworks | realone_player | 6.0.10.505 |
| realnetworks | realjukebox_2 | 1.0.2.340 |
RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realjukebox_2_plus | 1.0.2.379 |
| realnetworks | realjukebox_2_plus | 1.0.2.340 |
| realnetworks | realjukebox_2 | 1.0.2.379 |
| realnetworks | realone_player | 6.0.10.505 |
| realnetworks | realjukebox_2 | 1.0.2.340 |
Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain "Now Playing" options on a downloaded file with a long filename.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realone_player | 2.0 |
| realnetworks | realplayer | 7.0 |
| realnetworks | realplayer | 8.0 |
| realnetworks | realplayer | 6.0 |
| realnetworks | realplayer | * |
Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RTSP request, (2) a DESCRIBE RTSP request with a long URL argument, or (3) two simultaneous HTTP GET requests with long arguments.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | helix_universal_server | 9.0 |
| realnetworks | helix_universal_server | 9.0.2.768 |
The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realone_player | 6.0.11.853 |
| realnetworks | realone_player | 2.0 |
| realnetworks | realone_player | 6.0.11.818 |
| realnetworks | realone_player | 6.0.11.830 |
| realnetworks | realone_player | 9.0.0.297 |
| realnetworks | realone_player | 9.0.0.288 |
| realnetworks | realone_enterprise_desktop | 6.0.11.774 |
| realnetworks | realone_player | 6.0.11.841 |
| realnetworks | realplayer | 8.0 |
| realnetworks | realone_player | 6.0.10.505 |
Buffer overflow in the RTSP protocol parser for the View Source plug-in (vsrcplin.so or vsrcplin3260.dll) for RealNetworks Helix Universal Server 9 and RealSystem Server 8, 7 and RealServer G2 allows remote attackers to execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | helix_universal_server | 9.0.1 |
| realnetworks | realserver | g2_1.0 |
| realnetworks | realserver | 8.0 |
| realnetworks | realserver | 8.0.1 |
| realnetworks | realserver | 8.0_beta |
| realnetworks | realserver | 7.0.2 |
| realnetworks | helix_universal_server | 9.0.2.794 |
| realnetworks | helix_universal_server | 9.0 |
| realnetworks | helix_universal_server | 8.0.1 |
| realnetworks | realserver | 8.0.2 |
| realnetworks | realserver | 7.0 |
| realnetworks | realserver | 7.0.1 |
RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realone_player | 6.0.11.853 |
| realnetworks | realone_player | 2.0 |
| realnetworks | realone_player | 6.0.11.818 |
| realnetworks | realone_player | 6.0.11.830 |
| realnetworks | realone_desktop_manager | * |
| realnetworks | realone_enterprise_desktop | 6.0.11.774 |
| realnetworks | realone_player | 6.0.11.841 |
| realnetworks | realone_player | 6.0.10.505 |
Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem Proxy 8.x, related to URL error handling, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realsystem_server | 6 |
| realnetworks | realsystem_server | 8 |
| realnetworks | realsystem_proxy | 8 |
| realnetworks | realsystem_server | 7 |
Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realone_player | 6.0.11.853 |
| realnetworks | realone_player | 2.0 |
| realnetworks | realone_player | 6.0.11.818 |
| realnetworks | realone_player | 6.0.11.830 |
| realnetworks | realone_enterprise_desktop | 6.0.11.774 |
| realnetworks | realone_player | 6.0.11.841 |
Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote attackers to cause a denial of service via certain HTTP POST messages to the Administration System port.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | helix_universal_mobile_server | * |
| realnetworks | helix_universal_server | * |
Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realone_player | 1.0 |
| realnetworks | realone_player | 6.0.11.853 |
| realnetworks | realplayer | 10.0_beta |
| realnetworks | realone_player | 2.0 |
| realnetworks | realone_player | 6.0.11.818 |
| realnetworks | realone_player | 6.0.11.830 |
| realnetworks | realone_desktop_manager | * |
| realnetworks | realone_player | 6.0.11.868 |
| realnetworks | realone_enterprise_desktop | 6.0.11.774 |
| realnetworks | realone_player | 6.0.11.841 |
| realnetworks | realplayer | 8.0 |
Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realone_player | 1.0 |
| realnetworks | realone_player | 6.0.11.853 |
| realnetworks | realone_player | 2.0 |
| realnetworks | realone_player | 6.0.11.818 |
| realnetworks | realone_player | 6.0.11.830 |
| realnetworks | realone_desktop_manager | * |
| realnetworks | realone_player | 6.0.11.868 |
| realnetworks | realone_enterprise_desktop | 6.0.11.774 |
| realnetworks | realone_player | 6.0.11.841 |
Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer 8, RealOne Player, RealOne Player 10 beta, and RealOne Player Enterprise, allows remote attackers to execute arbitrary code via a malformed .R3T file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realone_player | * |
| realnetworks | realone_player | 10_beta |
| realnetworks | realplayer | 8.0 |
RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference, as demonstrated using (1) GET_PARAMETER or (2) DESCRIBE requests.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | helix_universal_server | 9.0.1 |
| realnetworks | helix_universal_server | 9.0.2 |
Buffer overflow in Real Networks RealPlayer 10 allows remote attackers to execute arbitrary code via a URL with a large number of "." (period) characters.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for Windows allows remote attackers to cause a denial of service (CPU and memory exhaustion) via a POST request with a Content-Length header set to -1.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | helix_universal_server | 9.0.2 |
| realnetworks | helix_universal_server | * |
| realnetworks | helix_universal_mobile_server_and_gateway | * |
Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| checkmark | checkmark_payroll | 3.7.5 |
| checkmark | multiledger | 6.0.3 |
| realnetworks | realplayer | 10.0 |
| checkmark | checkmark_payroll | 3.9.1 |
| checkmark | checkmark_payroll | 3.9.4 |
| realnetworks | realplayer | 10.0_beta |
| realnetworks | realplayer | 10.5_6.0.12.1040 |
| checkmark | checkmark_payroll | 3.9.5 |
| checkmark | checkmark_payroll | 3.9.2 |
| realnetworks | realplayer | 10.5_6.0.12.1016_beta |
| checkmark | multiledger | * |
| realnetworks | realplayer | 10.5_6.0.12.1053 |
| checkmark | checkmark_payroll | * |
| checkmark | checkmark_payroll | 3.9.3 |
| checkmark | multiledger | 6.0.5 |
| innermedia | dynazip_library | 5.00.02 |
| checkmark | multiledger | 7.0.0 |
| innermedia | dynazip_library | 5.00.01 |
| realnetworks | realone_player | 1.0 |
| realnetworks | realone_player | 2.0 |
| realnetworks | realplayer | 10.0_6.0.12.690 |
| realnetworks | realplayer | 10.5 |
| innermedia | dynazip_library | 5.00.00 |
| innermedia | dynazip_library | 5.00.03 |
Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | - |
| realnetworks | realone_player | 9.0.0.288 |
| realnetworks | realplayer | 10.5_6.0.12.1040 |
| realnetworks | helix_player | 1.0 |
| realnetworks | realplayer | 8.0 |
| realnetworks | realone_player | 1.0 |
| realnetworks | realone_player | 2.0 |
| realnetworks | realone_player | 9.0.0.297 |
| realnetworks | realplayer | 10.0_6.0.12.690 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 10.5_6.0.12.1016 |
RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realone_player | 1.0 |
| realnetworks | realone_player | 6.0.11.853 |
| realnetworks | realone_player | 2.0 |
| realnetworks | realone_player | 6.0.11.818 |
| realnetworks | realone_player | 6.0.11.830 |
| realnetworks | realone_player | 6.0.11.868 |
| realnetworks | realone_enterprise_desktop | 6.0.11.774 |
| realnetworks | realone_player | 6.0.11.841 |
| realnetworks | realplayer | 8.0 |
| realnetworks | realone_player | 6.0.10.505 |
Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to execute arbitrary code via a long ShowPreferences argument.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realone_player | 1.0 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 10.0_beta |
| realnetworks | realone_player | 2.0 |
| realnetworks | realplayer | 10.0_6.0.12.690 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 10.5_6.0.12.1040 |
| realnetworks | realplayer | 10.5_6.0.12.1016_beta |
Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realone_player | 1.0 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 10.0_beta |
| realnetworks | realone_player | 2.0 |
| realnetworks | realplayer | 10.0_6.0.12.690 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 10.5_6.0.12.1040 |
| realnetworks | realplayer | 10.5_6.0.12.1016_beta |
Off-by-one buffer overflow in the processing of tags in Real Metadata Package (RMP) files in RealPlayer 10.5 (6.0.12.1040) and earlier could allow remote attackers to execute arbitrary code via a long tag.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realone_player | 1.0 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 10.0_beta |
| realnetworks | realone_player | 2.0 |
| realnetworks | realplayer | 10.0_6.0.12.690 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 10.5_6.0.12.1040 |
| realnetworks | realplayer | 10.5_6.0.12.1016_beta |
Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realone_player | 1.0 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realone_player | 2.0 |
| realnetworks | realplayer | 10.5 |
Directory traversal vulnerability in RealArcade 1.2.0.994 allows remote attackers to delete arbitrary files via an RGP file with a .. (dot dot) in the FILENAME tag.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realarcade | * |
Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realone_player | 1.0 |
| realnetworks | realplayer | 10.0 |
| realnetworks | helix_player | * |
| realnetworks | realone_player | 2.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 8.0 |
| realnetworks | realplayer | * |
Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player before 10.0.4, and RealOne Player v1 and v2 allows remote attackers to execute arbitrary code via a long hostname in a RAM file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realone_player | 1.0 |
| realnetworks | realplayer | 10.0 |
| realnetworks | helix_player | * |
| realnetworks | realone_player | 2.0 |
| realnetworks | realplayer | 10.0_6.0.12.690 |
| realnetworks | realplayer | 8.0 |
Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 6.0.12.1056 on Windows, and 10, 10.0.1.436, and other versions before 10.0.5 on Linux, allows remote attackers to execute arbitrary code via a RealMedia file with a long RealText string, such as an SMIL file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | * |
Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 (6.0.12.1040 through 1069), RealOne Player v1 and v2, RealPlayer 8 and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an .avi file with a modified strf structure value.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realone_player | 1.0 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realone_player | 2.0 |
| realnetworks | realplayer | 10.5_6.0.12.1040 |
| realnetworks | realplayer | 8.0 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 10.5_6.0.12.1069 |
Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and RealOne Player v1 and v2 allows remote attackers to overwrite arbitrary files or execute arbitrary ActiveX controls via a crafted MP3 file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realone_player | 1.0 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realone_player | 2.0 |
| realnetworks | realplayer | 10.5_6.0.12.1040_1069 |
RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne Player v1 and v2 allows remote malicious web server to create an arbitrary HTML file that executes an RM file via "default settings of earlier Internet Explorer browsers".
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realone_player | 1.0 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realone_player | 2.0 |
| realnetworks | realplayer | 10.5_6.0.12.1040_1069 |
| realnetworks | realplayer | 8.0 |
| realnetworks | realplayer | * |
Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, which leads to a stack-based buffer overflow, a different vulnerability than CVE-2004-1481.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | helix_player | 1.0.4 |
| realnetworks | realplayer | 10.5_6.0.12.1235 |
| realnetworks | helix_player | 1.0.1 |
| realnetworks | realplayer | 10.5_6.0.12.1059 |
| realnetworks | realplayer | 10.5_6.0.12.1040 |
| realnetworks | helix_player | 1.0 |
| realnetworks | realplayer | 8.0 |
| realnetworks | helix_player | 1.0.5 |
| realnetworks | realplayer | 10.5_6.0.12.1053 |
| realnetworks | helix_player | 1.0.2 |
| realnetworks | realone_player | 1.0 |
| realnetworks | realone_player | 2.0 |
| realnetworks | helix_player | 1.0.3 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 10.5_6.0.12.1056 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 10.5_6.0.12.1069 |
Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and 10.5 and RealOne Player 1 and 2 allows remote attackers to execute arbitrary code via a crafted RealPlayer Skin (RJS) file, a different vulnerability than CVE-2004-1094.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 10.5_6.0.12.1235 |
| realnetworks | realplayer | 10.5_6.0.12.1059 |
| realnetworks | realplayer | 10.5_6.0.12.1040 |
| realnetworks | realplayer | 8.0 |
| realnetworks | realplayer | 10.5_6.0.12.1053 |
| realnetworks | realone_player | 1.0 |
| realnetworks | realone_player | 2.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 10.5_6.0.12.1056 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 10.5_6.0.12.1069 |
Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | helix_player | * |
Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 10.0.0.331 |
| realnetworks | realplayer | 10.0.4 |
| realnetworks | realplayer | 10.0.1 |
| realnetworks | realplayer | 10.5_6.0.12.1235 |
| realnetworks | realplayer | 10.0.2 |
| realnetworks | realplayer | 10.5_6.0.12.1059 |
| realnetworks | helix_player | 10.0.2 |
| realnetworks | realplayer | 10.5_6.0.12.1040 |
| realnetworks | rhapsody | 3.0_build_0.815 |
| realnetworks | realplayer | 8.0 |
| realnetworks | realplayer | 10.0.5 |
| realnetworks | realplayer | 10.5_6.0.12.1053 |
| realnetworks | helix_player | 10.0.6 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 10.5_6.0.12.1069 |
| realnetworks | realplayer | 10.0.6 |
| realnetworks | helix_player | 10.0.4 |
| realnetworks | helix_player | 10.0.1 |
| realnetworks | realplayer | 10.0.0.305 |
| realnetworks | realone_player | * |
| realnetworks | helix_player | 10.0 |
| realnetworks | helix_player | 10.0.5 |
| realnetworks | realplayer | 10.0.3 |
| realnetworks | rhapsody | 3.0 |
| realnetworks | realone_player | 1.0 |
| realnetworks | helix_player | 10.0.3 |
| realnetworks | realone_player | 2.0 |
| realnetworks | realone_player | 0.288 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 10.5_6.0.12.1056 |
| realnetworks | realone_player | 0.297 |
Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might allow local users to gain privileges via a malicious C:\program.exe file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realone_player | 1.0 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realone_player | 2.0 |
| realnetworks | realplayer | 10.5_6.0.12.1348 |
| realnetworks | realplayer | 10.5_6.0.12.1040 |
| realnetworks | realplayer | 8.0 |
Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote attackers to execute arbitrary code via a crafted image in a RealPlayer Skin (RJS) file. NOTE: due to the lack of details, it is unclear how this is different than CVE-2005-2629 and CVE-2005-2630, but the vendor advisory implies that it is different.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.5_6.0.12.1053 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 10.5_6.0.12.1235 |
| realnetworks | realplayer | 10.5_6.0.12.1059 |
| realnetworks | realplayer | 10.5_6.0.12.1040 |
| realnetworks | realplayer | 10.5_6.0.12.1056 |
| realnetworks | realplayer | 10.5_6.0.12.1069 |
** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPlayer allows attackers to execute arbitrary code. NOTE: the information regarding this issue is extremely vague and does not provide any verifiable information. It has been posted by a reliable reporter with a prerelease disclosure policy. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example for discussion of the newly emerging UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is possible that this item might be RECAST or REJECTED.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 10.0_beta |
| realnetworks | realplayer | 10.5_6.0.12.1235 |
| realnetworks | realplayer | 10.5_6.0.12.1059 |
| realnetworks | realplayer | 10.5_6.0.12.1040 |
| realnetworks | realplayer | 8.0 |
| realnetworks | realplayer | 10.5_6.0.12.1016_beta |
| realnetworks | realplayer | 6.0 |
| realnetworks | realplayer | 10.5_6.0.12.1053 |
| realnetworks | realplayer | 10.0_6.0.12.690 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 10.5_6.0.12.1056 |
| realnetworks | realplayer | 7.0 |
| realnetworks | realplayer | 10.5_6.0.12.1069 |
** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPlayer allows remote attackers to execute arbitrary code. NOTE: it is not known whether this issue should be MERGED with CVE-2005-4126. The information regarding this issue is extremely vague and does not provide any verifiable information. It has been posted by a reliable reporter with a prerelease disclosure policy. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example for discussion of the newly emerging UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is possible that this item might be RECAST or REJECTED.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | * |
Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realone_player | * |
| realnetworks | helix_player | * |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 10.0.6 |
| realnetworks | rhapsody | 3 |
Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows remote attackers to have an unknown impact via a malicious Mimio boardCast (mbc) file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 10.5_6.0.12.1235 |
| realnetworks | realplayer | 10.5_6.0.12.1059 |
| realnetworks | realplayer | 10.5_6.0.12.1348 |
| realnetworks | realplayer | 10.5_6.0.12.1040 |
| realnetworks | realplayer | 8.0 |
| realnetworks | realplayer | 10.5_6.0.12.1053 |
| realnetworks | realone_player | 1.0 |
| realnetworks | realone_player | 2.0 |
| realnetworks | realplayer | 10.5_6.0.12.1056 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 10.5_6.0.12.1069 |
Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the "parsing of HTTP URL schemes".
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | helix_dna_server | 10.0 |
| realnetworks | helix_dna_server | 11.0 |
The RealNetworks RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll, as shipped with RealPlayer 11, allows remote attackers to cause a denial of service (browser crash) via a certain argument to the GetSourceTransport method.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 11.0 |
A certain ActiveX control in RealNetworks RealPlayer 11 allows remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error. NOTE: this might be related to CVE-2007-4904.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 11 |
Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.1 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | helix_player | 10.0 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | helix_player | 11.0.1 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 11.0.0 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer_enterprise | * |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | helix_player | 11.0.0 |
Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.1 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | helix_player | 10.0 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | helix_player | 11.0.1 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 11.0.0 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer_enterprise | * |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | helix_player | 11.0.0 |
RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to have an unspecified impact via a crafted media file that uses HTTP chunked transfer coding, related to an "overflow."
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.1 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | helix_player | 10.0 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | helix_player | 11.0.1 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 11.0.0 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer_enterprise | * |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | helix_player | 11.0.0 |
Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.1 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | helix_player | 10.0 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | helix_player | 11.0.1 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 11.0.0 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer_enterprise | * |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | helix_player | 11.0.0 |
Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.1 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | helix_player | 10.0 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | helix_player | 11.0.1 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 11.0.0 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer_enterprise | * |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | helix_player | 11.0.0 |
Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file that contains a web.xmb file with crafted length values.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.1 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | helix_player | 10.0 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | helix_player | 11.0.1 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 11.0.0 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer_enterprise | * |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | helix_player | 11.0.0 |
Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x, 11.0.0, and 11.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an ASM RuleBook with a large number of rules, related to an "array overflow."
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.1 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | helix_player | 10.0 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | helix_player | 11.0.1 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 11.0.0 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer_enterprise | * |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | helix_player | 11.0.0 |
Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.1 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | helix_player | 10.0 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | helix_player | 11.0.1 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 11.0.0 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer_enterprise | * |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | helix_player | 11.0.0 |
Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.1 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | helix_player | 10.0 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | helix_player | 11.0.1 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 11.0.0 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer_enterprise | * |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | helix_player | 11.0.0 |
Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows might allow remote attackers to execute arbitrary code via a crafted QCP file that triggers a heap-based buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer_sp | 1.1.2 |
RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer_sp | 1.1.2 |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allows remote attackers to execute arbitrary code via large size values in QCP audio content.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer_sp | 1.1.2 |
The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 does not properly perform initialization, which has unspecified impact and attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer_sp | 1.1.5 |
RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 do not properly parse spectral data in AAC files, which has unspecified impact and remote attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 2.1.2 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | * |
| realnetworks | helix_player | 1.0.6 |
Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | * |
| realnetworks | helix_player | 1.0.6 |
Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | helix_server_mobile | 13.0.0 |
| realnetworks | helix_dna_server | 11.1.2 |
| realnetworks | helix_dna_server | 11.1.3 |
| realnetworks | helix_server | 13.0.0 |
| realnetworks | helix_server_mobile | 12.0.0 |
| realnetworks | helix_server | 11.1 |
| realnetworks | helix_dna_server | 11.0 |
| realnetworks | helix_server | 11.0 |
| realnetworks | helix_dna_server | 13.0 |
| realnetworks | helix_dna_server | 11.1 |
| realnetworks | helix_server_mobile | 11.0 |
| realnetworks | helix_dna_server | 12.0 |
| realnetworks | helix_server | 12.0.0 |
Stack-based buffer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | helix_server | 11.0 |
| realnetworks | helix_server_mobile | 13.0.0 |
| realnetworks | helix_server | * |
| realnetworks | helix_server_mobile | 11.0 |
| realnetworks | helix_server | 12.0.1 |
| realnetworks | helix_mobile_server | * |
| realnetworks | helix_server | 12.0.0 |
| realnetworks | helix_server_mobile | 12.0.0 |
| realnetworks | helix_server | 11.1 |
Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via a request with a crafted payload length.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | helix_server | 11.0 |
| realnetworks | helix_server_mobile | 13.0.0 |
| realnetworks | helix_server | * |
| realnetworks | helix_server_mobile | 11.0 |
| realnetworks | helix_server | 12.0.1 |
| realnetworks | helix_mobile_server | * |
| realnetworks | helix_server | 12.0.0 |
| realnetworks | helix_server_mobile | 12.0.0 |
| realnetworks | helix_server | 11.1 |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via a crafted QCP file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 2.1.2 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 does not properly initialize the number of channels, which allows attackers to obtain unspecified "memory access" via unknown vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
Array index error in RealNetworks RealPlayer 11.0 through 11.1 on Windows allows remote attackers to execute arbitrary code via a malformed header in a RealMedia .IVR file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 11.0 |
Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.0.1, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted StreamTitle tag in an ICY SHOUTcast stream, related to the SMIL file format.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.0.0 |
Array index error in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.0.1 allows remote attackers to execute arbitrary code via malformed sample data in a RealMedia .IVR file, related to a "malformed IVR pointer index" issue.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.0.0 |
Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.0.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed MLLT atom in an AAC file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.0.0 |
Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer_sp | 1.1.2 |
Unspecified vulnerability in an ActiveX control in the Internet Explorer (IE) plugin in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows has unknown impact and attack vectors related to "multiple browser windows."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer_sp | 1.1.2 |
Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 11.0 |
An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during parsing of a CDDA URI, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and application crash) via a long URI.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 2.1.2 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
Stack-based buffer overflow in the RichFX component in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 2.1.2 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a " (double quote) in an argument to the RecordClip method, aka "parameter injection."
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
rjrmrpln.dll in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly validate file contents that are used during interaction with a heap buffer, which allows remote attackers to execute arbitrary code via crafted Name Value Property (NVP) elements in logical streams in a media file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 2.1.2 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
Multiple heap-based buffer overflows in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 allow remote attackers to execute arbitrary code via a long .smil argument to the (1) tfile, (2) pnmm, or (3) cdda protocol handler.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-134,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | helix_server | 14.0.0 |
| realnetworks | helix_server | 14.0.1 |
| realnetworks | helix_server | 12.0.1 |
| realnetworks | helix_server | 13.1.1 |
| realnetworks | helix_mobile_server | 13.1.1 |
| realnetworks | helix_mobile_server | 14.0.1 |
| realnetworks | helix_server | 12.0.0 |
| realnetworks | helix_server | 13.0.0 |
| realnetworks | helix_mobile_server | 12.0 |
| realnetworks | helix_mobile_server | 14.0.0 |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via malformed multi-rate data in an audio stream.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | 11.0.1 |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a large Screen Width value in the Screen Descriptor header of a GIF87a file in an RTSP stream.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code by specifying many subbands in cook audio codec information in a Real Audio file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer_sp | 1.1.5 |
The drv2.dll (aka RV20 decompression) module in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.1.2 and 2.1.3, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted value of an unspecified length field in an RV20 video stream.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 2.1.3 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 2.1.2 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer_sp | 1.1.5 |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to have an unspecified impact via a crafted SIPR file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 2.1.2 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via a crafted SOUND file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 2.1.2 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 allows remote attackers to have an unspecified impact via a crafted AAC file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 2.1.2 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allow remote attackers to have an unspecified impact via a crafted RealMedia file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 2.1.2 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 12.0.0.1444, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to have an unspecified impact via a crafted RA5 file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 2.1.2 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
Array index error in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via a malformed Media Properties Header (aka MDPR) in a RealMedia file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 2.1.2 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | 11.0.1 |
Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to have an unspecified impact via crafted frame dimensions in an SIPR stream.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 2.1.2 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted RealMedia video file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
The RealAudio codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted audio stream in a RealMedia file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 2.1.3 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 2.1.2 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer_sp | 1.1.5 |
Heap-based buffer overflow in the cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via unspecified data in the initialization buffer.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer_sp | 1.1.5 |
Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allow remote attackers to have an unspecified impact via a crafted header in an IVR file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer_sp | 1.1.5 |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allows remote attackers to execute arbitrary code via a crafted value in an unspecified header field in an RMX file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 2.1.3 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 2.1.2 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer_sp | 1.1.5 |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.1.2 and 2.1.3, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via crafted ImageMap data in a RealMedia file, related to certain improper integer calculations.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 2.1.3 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 2.1.2 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer_sp | 1.1.5 |
Heap-based buffer overflow in vidplin.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.x before 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted header in an AVI file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer_sp | 1.1.5 |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.5 allows remote web servers to execute arbitrary code via a long Server header in a response to an HTTP request that occurs during parsing of a RealPix file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer_sp | 1.1.5 |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a crafted conditional component in AAC frame data.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer_sp | 1.1.5 |
Cross-zone scripting vulnerability in the HandleAction method in a certain ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 allows remote attackers to inject arbitrary web script or HTML in the Local Zone by specifying a local file in a NavigateToURL action, as demonstrated by a local skin file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 2.1.2 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer_sp | 1.1.5 |
Integer overflow in the pnen3260.dll module in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a crafted TIT2 atom in an AAC file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.0.0 |
Stack-based buffer overflow in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via a long string in an RTSP request.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | helix_server | 14.0.0 |
| realnetworks | helix_server | 14.0.1 |
| realnetworks | helix_server | 12.0.1 |
| realnetworks | helix_server | 13.1.1 |
| realnetworks | helix_mobile_server | 13.1.1 |
| realnetworks | helix_mobile_server | 14.0.1 |
| realnetworks | helix_server | 12.0.0 |
| realnetworks | helix_server | 13.0.0 |
| realnetworks | helix_mobile_server | 12.0 |
| realnetworks | helix_mobile_server | 14.0.0 |
RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and 14.0.0 through 14.0.1, and Enterprise 2.0 through 2.1.4, uses predictable names for temporary files, which allows remote attackers to conduct cross-domain scripting attacks and execute arbitrary code via the OpenURLinPlayerBrowser function.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 2.1.3 |
| realnetworks | realplayer | 2.0 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 2.1.4 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 2.1.2 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 2.1 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer_sp | 1.1.5 |
Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document, a different vulnerability than CVE-2011-2947.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 2.1.2 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer_sp | 1.1.5 |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 2.1.3 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 2.0 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 2.1.4 |
| realnetworks | realplayer | 2.1.5 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 2.1 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer_sp | 1.0.0 |
The OpenURLInDefaultBrowser method in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, launches a default handler for the filename specified in the first argument, which allows remote attackers to execute arbitrary code via a .rnx filename corresponding to a crafted RNX file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer_sp | 1.1.5 |
Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted frame in an Internet Video Recording (IVR) file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted SIPR stream.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer_sp | 1.1.5 |
| realnetworks | realplayer | 14.0.5 |
Unspecified vulnerability in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 2.1.3 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 2.0 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 2.1.4 |
| realnetworks | realplayer | 2.1.5 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 2.1.2 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer_sp | 1.1.5 |
| realnetworks | realplayer | 14.0.5 |
Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer_sp | 1.1.5 |
| realnetworks | realplayer | 14.0.5 |
RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.0 through 2.1.5, and Mac RealPlayer 12.0.0.1569 do not properly handle DEFINEFONT fields in SWF files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 2.1.2 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer_sp | 1.1.5 |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 12.0.0.1569 |
| realnetworks | realplayer | 2.1.3 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 2.0 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 2.1.4 |
| realnetworks | realplayer | 2.1.5 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer_sp | 1.0.0 |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via crafted ID3v2 tags in an MP3 file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 2.1.3 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 2.0 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 2.1.4 |
| realnetworks | realplayer | 2.1.5 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 2.1.2 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer_sp | 1.1.5 |
| realnetworks | realplayer | 14.0.5 |
Heap-based buffer overflow in qcpfformat.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted QCP file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer_sp | 1.1.5 |
| realnetworks | realplayer | 14.0.5 |
Buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.0.0.1569 allows remote attackers to execute arbitrary code via a crafted raw_data_frame field in an AAC file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer | 12.0.0.1569 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer_sp | 1.1.5 |
| realnetworks | realplayer | 14.0.5 |
Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via vectors related to a dialog box.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 2.1.2 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer_sp | 1.1.5 |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 2.1.3 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 2.0 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 2.1.4 |
| realnetworks | realplayer | 2.1.5 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 2.1 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer_sp | 1.0.0 |
An unspecified ActiveX control in the browser plugin in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors, related to an out-of-bounds condition.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 2.1.2 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer_sp | 1.1.5 |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 2.1.3 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 2.0 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 2.1.4 |
| realnetworks | realplayer | 2.1.5 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 2.1 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer_sp | 1.0.0 |
Use-after-free vulnerability in the AutoUpdate feature in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer_sp | 1.1.5 |
| realnetworks | realplayer | 14.0.5 |
Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via vectors related to a modal dialog.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 2.1.2 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer_sp | 1.1.5 |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 2.1.3 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 2.0 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 2.1.4 |
| realnetworks | realplayer | 2.1.5 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 2.1 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer_sp | 1.0.0 |
Heap-based buffer overflow in the RealVideo renderer in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 14.0.6 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 14.0.1.633 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
The RealVideo renderer in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 10.0.0.331 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 8.0 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 14.0.6 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 12.0.0.1569 |
| realnetworks | realplayer | 10.1 |
| realnetworks | realplayer | 10.0.0.305 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 14.0.1.633 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 7.0 |
The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 10.0.0.331 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 8.0 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 14.0.6 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 12.0.0.1569 |
| realnetworks | realplayer | 10.1 |
| realnetworks | realplayer | 10.0.0.305 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 14.0.1.633 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 7.0 |
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted QCELP stream.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 14.0.6 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 14.0.1.633 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed AAC file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 14.0.6 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 14.0.1.633 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
Array index error in the RV30 codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 14.0.6 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 14.0.1.633 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
Unspecified vulnerability in the ATRC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 10.0.0.331 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 8.0 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 14.0.6 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 12.0.0.1569 |
| realnetworks | realplayer | 10.1 |
| realnetworks | realplayer | 10.0.0.305 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 14.0.1.633 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 7.0 |
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted sample size in a RealAudio file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 14.0.6 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 14.0.1.633 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via a crafted sample height.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 10.0.0.331 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 8.0 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 14.0.6 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 12.0.0.1569 |
| realnetworks | realplayer | 10.1 |
| realnetworks | realplayer | 10.0.0.305 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 14.0.1.633 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 7.0 |
Unspecified vulnerability in the RV20 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 10.0.0.331 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 8.0 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 14.0.6 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 12.0.0.1569 |
| realnetworks | realplayer | 10.1 |
| realnetworks | realplayer | 10.0.0.305 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 14.0.1.633 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 7.0 |
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted RTSP SETUP request.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 14.0.6 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 14.0.1.633 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via an invalid codec name.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 10.0.0.331 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 8.0 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 14.0.6 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 12.0.0.1569 |
| realnetworks | realplayer | 10.1 |
| realnetworks | realplayer | 10.0.0.305 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 14.0.1.633 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 7.0 |
The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 10.0.0.331 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 8.0 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 14.0.6 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 12.0.0.1569 |
| realnetworks | realplayer | 10.1 |
| realnetworks | realplayer | 10.0.0.305 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 14.0.1.633 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 7.0 |
The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via crafted channel data.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 14.0.6 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 14.0.1.633 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted length of an MLTI chunk in an IVR file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 14.0.6 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 14.0.1.633 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
Integer underflow in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted width value in an MPG file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 14.0.6 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 14.0.1.633 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 14.0.6 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 14.0.1.633 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted video dimensions in an MP4 file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 14.0.6 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 14.0.1.633 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted MP4 file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 14.0.6 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 14.0.1.633 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via crafted flags in an RMFF file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 14.0.7 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 15.0.0 |
| realnetworks | realplayer | 14.0.6 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.1.5 |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 15.0.1.13 |
| realnetworks | realplayer | 14.0.1.633 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer_sp | 1.0.0 |
The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle the frame size array, which allows remote attackers to execute arbitrary code via a crafted RV20 RealVideo video stream.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 14.0.7 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 15.0.0 |
| realnetworks | realplayer | 14.0.6 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.1.5 |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 15.0.1.13 |
| realnetworks | realplayer | 14.0.1.633 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer_sp | 1.0.0 |
RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving a VIDOBJ_START_CODE code in a header within a video stream.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 14.0.7 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 15.0.0 |
| realnetworks | realplayer | 14.0.6 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.1.5 |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 15.0.1.13 |
| realnetworks | realplayer | 14.0.1.633 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer_sp | 1.0.0 |
Unspecified vulnerability in the RV40 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RV40 RealVideo video stream.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 14.0.7 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 15.0.0 |
| realnetworks | realplayer | 14.0.6 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.1.5 |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 15.0.1.13 |
| realnetworks | realplayer | 14.0.1.633 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer_sp | 1.0.0 |
The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 14.0.7 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 15.0.0 |
| realnetworks | realplayer | 14.0.6 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.1.5 |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 15.0.1.13 |
| realnetworks | realplayer | 14.0.1.633 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer_sp | 1.0.0 |
Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving the coded_frame_size value in a RealAudio audio stream.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 14.0.7 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 15.0.0 |
| realnetworks | realplayer | 14.0.6 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.1.5 |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 15.0.1.13 |
| realnetworks | realplayer | 14.0.1.633 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer_sp | 1.0.0 |
The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows remote attackers to execute arbitrary code via a crafted ATRAC audio file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 14.0.7 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 12.0.0.1701 |
| realnetworks | realplayer | 14.0.6 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.1.5 |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 12.0.0.1569 |
| realnetworks | realplayer | 14.0.1.633 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer_sp | 1.0.0 |
Buffer overflow in rn5auth.dll in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to execute arbitrary code via crafted authentication credentials.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | helix_server | 14.0.0 |
| realnetworks | helix_server | 14.0.1 |
| realnetworks | helix_server | 14.2 |
| realnetworks | helix_server | 14.2.0.212 |
| realnetworks | helix_mobile_server | 14.0.1 |
| realnetworks | helix_mobile_server | 14.0.0 |
mp4fformat.dll in the QuickTime File Format plugin in RealNetworks RealPlayer 15 and earlier, and RealPlayer SP 1.1.4 Build 12.0.0.756 and earlier, allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP4 file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer_sp | * |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer_sp | 1.0.0 |
RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x store passwords in cleartext under adm_b_db\users\, which allows local users to obtain sensitive information by reading a database.
CVSS 2.0
Severity: LOW
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | helix_server | 14.0.0 |
| realnetworks | helix_server | 14.0.1 |
| realnetworks | helix_server | 14.2 |
| realnetworks | helix_server | 14.2.0.212 |
| realnetworks | helix_mobile_server | 14.0.1 |
| realnetworks | helix_mobile_server | 14.0.0 |
Multiple cross-site scripting (XSS) vulnerabilities in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | helix_server | 14.0.0 |
| realnetworks | helix_server | 14.0.1 |
| realnetworks | helix_server | 14.2 |
| realnetworks | helix_server | 14.2.0.212 |
| realnetworks | helix_mobile_server | 14.0.1 |
| realnetworks | helix_mobile_server | 14.0.0 |
Cross-site request forgery (CSRF) vulnerability in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to hijack the authentication of administrators for requests that cause a denial of service (stack consumption and daemon crash) via a malformed URL.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | helix_server | 14.0.0 |
| realnetworks | helix_server | 14.0.1 |
| realnetworks | helix_server | 14.2 |
| realnetworks | helix_server | 14.2.0.212 |
| realnetworks | helix_mobile_server | 14.0.1 |
| realnetworks | helix_mobile_server | 14.0.0 |
master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (daemon crash) by establishing and closing a port-705 TCP connection, a different vulnerability than CVE-2012-1923.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | helix_server | 14.0.0 |
| realnetworks | helix_server | 14.0.1 |
| realnetworks | helix_server | 14.2 |
| realnetworks | helix_server | 14.2.0.212 |
| realnetworks | helix_mobile_server | 14.0.1 |
| realnetworks | helix_mobile_server | 14.0.0 |
master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted Open-PDU request that triggers incorrect DisplayString processing, a different vulnerability than CVE-2012-1923.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | helix_server | 14.0.0 |
| realnetworks | helix_server | 14.0.1 |
| realnetworks | helix_server | 14.2 |
| realnetworks | helix_server | 14.2.0.212 |
| realnetworks | helix_mobile_server | 14.0.1 |
| realnetworks | helix_mobile_server | 14.0.0 |
RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, does not properly parse ASMRuleBook data in RealMedia files, which allows remote attackers to execute arbitrary code via a crafted file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer | 15.02.71 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 15.0.0 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer_sp | 1.1.5 |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 15.0.1.13 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer_sp | 1.0.0 |
Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RealJukebox Media file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer | 15.02.71 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 15.0.0 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer_sp | 1.1.5 |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 15.0.1.13 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer_sp | 1.0.0 |
RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allow remote attackers to execute arbitrary code via a RealAudio file that triggers access to an invalid pointer.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer | 15.02.71 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 15.0.4 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 15.0.6.14 |
| realnetworks | realplayer | 15.0.0 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer_sp | 1.1.5 |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 15.0.5.109 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer | 15.0.4.43 |
Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted RealMedia file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer | 15.02.71 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 15.0.4 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 15.0.6.14 |
| realnetworks | realplayer | 15.0.0 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer_sp | 1.1.5 |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 15.0.5.109 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer | 15.0.4.43 |
Heap-based buffer overflow in RealNetworks RealPlayer before 16.0.1.18 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a malformed MP4 file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 15.0.4 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 16.0.0 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 15.0.3.37 |
| realnetworks | realplayer | 15.0.0 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 15.0.4.43 |
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer | 15.02.71 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 15.0.6.14 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer_sp | 1.1.5 |
| realnetworks | realplayer | 15.0.1.13 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 15.0.2.72 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 15.0.5.109 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer_sp | 1.0.0 |
The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in RealNetworks GameHouse RealArcade Installer 2.6.0.481 performs unexpected type conversions for invalid parameter types, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted arguments to the (1) AddTag, (2) Ping, (3) QueuePause, (4) QueueRemove, (5) QueueTop, (6) RemoveTag, (7) TagRemoved, or (8) message method.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realarcade_installer | 2.6.0.481 |
RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses weak permissions (Create Files/Write Data) for the GameHouse Games directory tree, which allows local users to gain privileges via a Trojan horse DLL in an individual game's directory, as demonstrated by DDRAW.DLL in the Zuma Deluxe directory.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realarcade_installer | 3.0.7 |
| realnetworks | realarcade_installer | 2.6.0.481 |
RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers to cause a denial of service (resource consumption or application crash) via an HTML document containing JavaScript code that constructs a long string.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 15.02.71 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 15.0.4 |
| realnetworks | realplayer | 16.0.0.282 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 16.0.0 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 15.0.6.14 |
| realnetworks | realplayer | 15.0.3.37 |
| realnetworks | realplayer | 15.0.0 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 15.0.1.13 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 15.0.2.72 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 15.0.5.109 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 15.0.4.43 |
Stack-based buffer overflow in RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted .rmp file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer | 15.02.71 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 15.0.4 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 16.0.0.282 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 16.0.0 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 15.0.6.14 |
| realnetworks | realplayer | 15.0.0 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer_sp | 1.1.5 |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 15.0.5.109 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer | 16.0.1.18 |
| realnetworks | realplayer | 15.0.4.43 |
RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed RealMedia file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer_sp | 1.0.5 |
| realnetworks | realplayer | 15.02.71 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer_sp | 1.1.4 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer_sp | 1.1 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 15.0.4 |
| realnetworks | realplayer_sp | 1.0.2 |
| realnetworks | realplayer | 16.0.0.282 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 16.0.0 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer_sp | 1.1.1 |
| realnetworks | realplayer | 15.0.6.14 |
| realnetworks | realplayer | 15.0.0 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer_sp | 1.1.5 |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer_sp | 1.0.1 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer_sp | 1.1.2 |
| realnetworks | realplayer_sp | 1.1.3 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 15.0.5.109 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer_sp | 1.0.0 |
| realnetworks | realplayer | 16.0.1.18 |
| realnetworks | realplayer | 15.0.4.43 |
Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allows remote attackers to execute arbitrary code via a long string in the TRACKID element of an RMP file, a different vulnerability than CVE-2013-7260.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 16.0.2.32 |
| realnetworks | realplayer | 16.0.3.51 |
Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 15.02.71 |
| realnetworks | realplayer | 10.0 |
| realnetworks | realplayer | 11.0.2.1744 |
| realnetworks | realplayer | 11.0.5 |
| realnetworks | realplayer | 11.0.2 |
| realnetworks | realplayer | 14.0.2 |
| realnetworks | realplayer | 7 |
| realnetworks | realplayer | 8 |
| realnetworks | realplayer | 11.1.3 |
| realnetworks | realplayer | 14.0.3 |
| realnetworks | realplayer | 14.0.0 |
| realnetworks | realplayer | 15.0.4 |
| realnetworks | realplayer | 16.0.0.282 |
| realnetworks | realplayer | 11.0.1 |
| realnetworks | realplayer | 4 |
| realnetworks | realplayer | 16.0.0 |
| realnetworks | realplayer | 11.1 |
| realnetworks | realplayer | 2.1.2 |
| realnetworks | realplayer | 12.0.0.1701 |
| realnetworks | realplayer | 15.0.6.14 |
| realnetworks | realplayer | 15.0.0 |
| realnetworks | realplayer | 11.0.4 |
| realnetworks | realplayer | * |
| realnetworks | realplayer | 14.0.5 |
| realnetworks | realplayer | 10.1 |
| realnetworks | realplayer | 2.1.3 |
| realnetworks | realplayer | 6 |
| realnetworks | realplayer | 14.0.4 |
| realnetworks | realplayer | 16.0.3.51 |
| realnetworks | realplayer | 2.1.4 |
| realnetworks | realplayer | 11.0.2.2315 |
| realnetworks | realplayer | 5 |
| realnetworks | realplayer | 14.0.1.609 |
| realnetworks | realplayer | 16.0.2.32 |
| realnetworks | realplayer | 11_build_6.0.14.748 |
| realnetworks | realplayer | 12.0.0.1444 |
| realnetworks | realplayer | 11.0 |
| realnetworks | realplayer | 10.5 |
| realnetworks | realplayer | 12.0.0.1548 |
| realnetworks | realplayer | 15.0.5.109 |
| realnetworks | realplayer | 12.0.1.1737 |
| realnetworks | realplayer | 14.0.1 |
| realnetworks | realplayer | 11.0.3 |
| realnetworks | realplayer | 16.0.1.18 |
| realnetworks | realplayer | 15.0.4.43 |
Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 allow remote attackers to execute arbitrary code via a malformed (1) elst or (2) stsz atom in an MP4 file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | * |
| realnetworks | realplayer | 17.0.4.60 |
The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and application crash) via a malformed .3gp file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 16.0.0 |
| realnetworks | realplayer | 16.0.2.32 |
| realnetworks | realplayer | 16.0.0.282 |
| realnetworks | realplayer | 16.0.1.18 |
| realnetworks | realplayer | * |
Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-476,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 18.1.5.705 |
RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-369,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 16.0.2.32 |
RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realone_player | 2.0 |
In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). This leads to arbitrary code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 20.0.8.310 |
In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 20.0.8.310 |
| realnetworks | realplayer | 20.0.7.309 |
In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary local files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.6 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | 2.8 | 6.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | 20.0.8.310 |
In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| realnetworks | realplayer | * |