Realnetworks Realone Player vulnerabilities
33 known vulnerabilities affecting realnetworks/realone_player.
Total CVEs
33
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
CRITICAL10HIGH7MEDIUM14LOW2
Vulnerabilities
Page 1 of 2
CVE-2005-2629P3MEDIUMCVSS 5.1PoCv1.0v2.02005-11-18
CVE-2005-2629 [MEDIUM] CVE-2005-2629: Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Playe
Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, which leads to a stack-based buffer overflow, a different vulnerability than CVE-2004-1481.
nvd
CVE-2002-0207P3HIGHCVSS 7.5PoC≤ 8.02002-05-16
CVE-2002-0207 [HIGH] CVE-2002-0207: Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbit
Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header.
nvd
CVE-2002-1014P4HIGHCVSS 7.5PoCv6.0.10.5052002-10-04
CVE-2002-1014 [HIGH] CVE-2002-1014: Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows
Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image.
nvd
CVE-2003-0726P4MEDIUMCVSS 5.1PoCv2.0v6.0.10.505+4 more2003-10-20
CVE-2003-0726 [MEDIUM] CVE-2003-0726: RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a S
RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.
nvd
CVE-2007-5080P3CRITICALCVSS 9.3v1.0v2.02007-10-31
CVE-2007-5080 [CRITICAL] CWE-189 CVE-2007-5080: Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise
Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow.
nvd
CVE-2007-4599P3CRITICALCVSS 9.3v1.0v2.02007-10-31
CVE-2007-4599 [CRITICAL] CWE-119 CVE-2007-4599: Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 an
Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted playlist (PLS) file.
nvd
CVE-2007-2263P3CRITICALCVSS 9.3v2.02007-10-31
CVE-2007-2263 [CRITICAL] CWE-119 CVE-2007-2263: Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player,
Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers.
nvd
CVE-2007-2264P3CRITICALCVSS 9.3v1.0v2.02007-10-31
CVE-2007-2264 [CRITICAL] CWE-119 CVE-2007-2264: Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player
Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header.
nvd
CVE-2004-1094P3CRITICALCVSS 10.0v1.0v2.02005-01-10
CVE-2004-1094 [CRITICAL] CVE-2004-1094: Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote at
Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark
nvd
CVE-2007-5081P3CRITICALCVSS 9.3v1.0v2.02007-10-31
CVE-2007-5081 [CRITICAL] CWE-119 CVE-2007-5081: Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player
Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a crafted RM file.
nvd
CVE-2005-2922P3CRITICALCVSS 9.3v0.288v0.297+2 more2005-12-31
CVE-2005-2922 [CRITICAL] CWE-119 CVE-2005-2922: Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions inc
Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length
nvd
CVE-2003-1509P3CRITICALCVSS 10.0v2.0v6.0.11.818+3 more2003-12-31
CVE-2003-1509 [CRITICAL] CVE-2003-1509: Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.8
Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser.
nvd
CVE-2004-0258P3HIGHCVSS 7.6v1.0v2.0+5 more2004-11-23
CVE-2004-0258 [HIGH] CVE-2004-0258: Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and Rea
Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files.
nvd
CVE-2005-0189P3HIGHCVSS 7.5v1.0v2.02004-10-06
CVE-2005-0189 [HIGH] CVE-2005-0189: Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlie
Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to execute arbitrary code via a long ShowPreferences argument.
nvd
CVE-2004-0273P4CRITICALCVSS 9.3v1.0v2.0+5 more2004-11-23
CVE-2004-0273 [CRITICAL] CWE-22 CVE-2004-0273: Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desk
Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.
nvd
CVE-2006-1370P4CRITICALCVSS 9.3v1.0v2.02006-03-23
CVE-2006-1370 [CRITICAL] CVE-2006-1370: Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, Real
Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows remote attackers to have an unknown impact via a malicious Mimio boardCast (mbc) file.
nvd
CVE-2005-0611P4MEDIUMCVSS 5.1v1.0v2.02005-05-02
CVE-2005-0611 [MEDIUM] CVE-2005-0611: Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and Rea
Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files.
nvd
CVE-2002-1321P4HIGHCVSS 7.5v2.02002-12-11
CVE-2002-1321 [HIGH] CVE-2002-1321: Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code
Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain "Now Playing" options on a downloaded file with a long filename.
nvd
CVE-2005-2630P4MEDIUMCVSS 5.1v1.0v2.02005-11-18
CVE-2005-2630 [MEDIUM] CVE-2005-2630: Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and 10.5 and RealOne Player 1 and 2
Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and 10.5 and RealOne Player 1 and 2 allows remote attackers to execute arbitrary code via a crafted RealPlayer Skin (RJS) file, a different vulnerability than CVE-2004-1094.
nvd
CVE-2004-1481P4MEDIUMCVSS 5.1v1.0v2.0+2 more2004-12-31
CVE-2004-1481 [MEDIUM] CVE-2004-1481: Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne
Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow.
nvd
1 / 2Next →