
RealNetworks RealPlayer vulnerabilities

167 known vulnerabilities affecting realnetworks/realplayer.

Total CVEs: 167
CISA KEV: 0
Public exploits: 24
Exploited in wild: 1
Severity breakdown: CRITICAL 118, HIGH 13, MEDIUM 32, LOW 4

Vulnerabilities

CVE-2007-5601 | P2 | CRITICAL | CVSS 9.3 | Exploited | PoC | v10.0, v10.5, +1 more | 2007-10-20
CWE-119: Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll.
Source: nvd
CVE-2013-7260 | P2 | HIGH | CVSS 7.5 | PoC | ≤ 17.0.4.60, v2.1.2, +43 more | 2014-01-03
Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877.
Source: nvd
CVE-2010-3749 | P2 | CRITICAL | CVSS 9.3 | PoC | v11.0, v11.0.1, +5 more | 2010-10-19
CWE-94: The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a " (double quote) in an argument to the RecordClip method,
Source: nvd
CVE-2012-5691 | P2 | CRITICAL | CVSS 9.3 | PoC | ≤ 16.0.0, v4, +32 more | 2012-12-19
CWE-119: Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted RealMedia file.
Source: nvd
CVE-2008-1309 | P2 | CRITICAL | CVSS 9.3 | PoC | v10.0, v10.5, +1 more | 2008-03-12
CWE-399: The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause
Source: nvd
CVE-2011-2950 | P2 | CRITICAL | CVSS 9.3 | PoC | v11.0, v11.1, +6 more | 2011-08-18
CWE-119: Heap-based buffer overflow in qcpfformat.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted QCP file.
Source: nvd
CVE-2010-3747 | P2 | CRITICAL | CVSS 9.3 | PoC | v11.0, v11.0.1, +6 more | 2010-10-19
CWE-119: An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during parsing of a CDDA URI, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and applic
Source: nvd
CVE-2007-3410 | P3 | CRITICAL | CVSS 9.3 | PoC | v10.0, v10.1, +1 more | 2007-06-26
CWE-119: Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value.
Source: nvd
CVE-2013-6877 | P3 | CRITICAL | CVSS 9.3 | PoC | v16.0.2.32, v16.0.3.51 | 2013-12-19
CWE-119: Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allows remote attackers to execute arbitrary code via a long string in the TRACKID element of an RMP file, a different vulnerability than CVE-2013-7260.
Source: nvd
CVE-2010-3000 | P3 | CRITICAL | CVSS 9.3 | PoC | v11.0, v11.1 | 2010-08-30
CWE-189: Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.
Source: nvd
CVE-2011-1525 | P3 | CRITICAL | CVSS 9.3 | PoC | ≤ 14.0.1.633, v4, +22 more | 2011-04-06
CWE-119: Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted frame in an Internet Video Recording (IVR) file.
Source: nvd
CVE-2014-3444 | P3 | CRITICAL | CVSS 9.3 | PoC | ≤ 16.0.3.51, v16.0.0, +3 more | 2014-05-20
CWE-94: The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and application crash) via a malformed .3gp file.
Source: nvd
CVE-2006-0323 | P3 | CRITICAL | CVSS 9.3 | PoC | v10.0, v10.0.6, +1 more | 2006-03-23
CWE-119: Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.
Source: nvd
CVE-2005-2710 | P3 | MEDIUM | CVSS 5.1 | PoC | v10.0 | 2005-09-27
Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file.
Source: nvd
CVE-2005-2629 | P3 | MEDIUM | CVSS 5.1 | PoC | v8.0, v10.0, +7 more | 2005-11-18
Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, which leads to a stack-based buffer overflow, a different vulnerability than CVE-2004-1481.
Source: nvd
CVE-2022-32270 | P3 | CRITICAL | CVSS 9.8 | v20.0.7.309, v20.0.8.310 | 2022-06-03
CWE-22: In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur).
Source: nvd
CVE-2022-32269 | P3 | CRITICAL | CVSS 9.8 | v20.0.8.310 | 2022-06-03
CWE-79: In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). This leads to arbitrary code execution.
Source: nvd
CVE-2011-2946 | P3 | CRITICAL | CVSS 10.0 | v11.0, v11.1, +11 more | 2011-08-18
Unspecified vulnerability in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors.
Source: nvd
CVE-2011-4256 | P3 | CRITICAL | CVSS 10.0 | ≤ 12.0.0.1701, v7.0, +35 more | 2011-11-24
CWE-94: The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown vectors.
Source: nvd
CVE-2011-4255 | P3 | CRITICAL | CVSS 10.0 | ≤ 12.0.0.1701, v7.0, +35 more | 2011-11-24
Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via an invalid codec name.
Source: nvd