cbcvebase.

Realnetworks Realplayer vulnerabilities

167 known vulnerabilities affecting realnetworks/realplayer.

Total CVEs
167
CISA KEV
0
Public exploits
24
Exploited in wild
1
Severity breakdown
CRITICAL118HIGH13MEDIUM32LOW4

Vulnerabilities

Page 7 of 9
CVE-2010-0121P3CRITICALCVSS 10.0v11.0v11.0.1+7 more2010-12-14
CVE-2010-0121 [CRITICAL] CVE-2010-0121: The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, Mac Re The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 does not properly perform initialization, which has unspecified impact and attack vectors.
nvd
CVE-2005-2922P3CRITICALCVSS 9.3v8.0v10.0+15 more2005-12-31
CVE-2005-2922 [CRITICAL] CWE-119 CVE-2005-2922: Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions inc Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length
nvd
CVE-2008-3064P3CRITICALCVSS 10.0v10.0v10.52008-07-28
CVE-2008-3064 [CRITICAL] CWE-264 CVE-2008-3064: Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 has unknown impact and attack vectors, probably related to accessing local files, aka a "Local resource reference vulnerability."
nvd
CVE-2013-3299P4MEDIUMCVSS 4.3PoC≤ 16.0.2.32v4+37 more2013-07-06
CVE-2013-3299 [MEDIUM] CWE-20 CVE-2013-3299: RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers to cause a denial of service ( RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers to cause a denial of service (resource consumption or application crash) via an HTML document containing JavaScript code that constructs a long string.
nvd
CVE-2000-0280P4LOWCVSS 2.6PoCv6.0v7.02000-04-03
CVE-2000-0280 [LOW] CVE-2000-0280: Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to ca Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to cause a denial of service via a long Location URL.
nvd
CVE-2004-0258P3HIGHCVSS 7.6v8.0v10.0_beta2004-11-23
CVE-2004-0258 [HIGH] CVE-2004-0258: Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and Rea Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files.
nvd
CVE-2006-6759P4MEDIUMCVSS 5.0PoCv10.52006-12-27
CVE-2006-6759 [MEDIUM] CVE-2006-6759: A certain ActiveX control in rpau3260.dll in RealNetworks RealPlayer 10.5 allows remote attackers to A certain ActiveX control in rpau3260.dll in RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer crash) by invoking the RealPlayer.Initialize method with certain arguments.
nvd
CVE-2005-0189P3HIGHCVSS 7.5v10.0v10.0_6.0.12.690+4 more2004-10-06
CVE-2005-0189 [HIGH] CVE-2005-0189: Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlie Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to execute arbitrary code via a long ShowPreferences argument.
nvd
CVE-2007-6235P4MEDIUMCVSS 5.0PoCv112007-12-04
CVE-2007-6235 [MEDIUM] CVE-2007-6235: A certain ActiveX control in RealNetworks RealPlayer 11 allows remote attackers to cause a denial of A certain ActiveX control in RealNetworks RealPlayer 11 allows remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error. NOTE: this might be related to CVE-2007-4904.
nvd
CVE-2010-3002P4CRITICALCVSS 9.3v11.0v11.12010-08-30
CVE-2010-3002 [CRITICAL] CVE-2010-3002: Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass in Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectors.
nvd
CVE-2012-2407P4HIGHCVSS 7.5≤ 15.0.5.109v2.1.2+32 more2012-09-12
CVE-2012-2407 [HIGH] CWE-119 CVE-2012-2407: Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Ma Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted AAC file that is not properly handled during stream-data unpacking.
nvd
CVE-2012-2409P4HIGHCVSS 7.5≤ 15.0.5.109v2.1.2+32 more2012-09-12
CVE-2012-2409 [HIGH] CWE-119 CVE-2012-2409: Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Ma Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted RealMedia file, a different vulnerability than CVE-2012-2410.
nvd
CVE-2006-1370P4CRITICALCVSS 9.3v8.0v10.0+7 more2006-03-23
CVE-2006-1370 [CRITICAL] CVE-2006-1370: Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, Real Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows remote attackers to have an unknown impact via a malicious Mimio boardCast (mbc) file.
nvd
CVE-2010-3001P4CRITICALCVSS 9.3v11.0v11.12010-08-30
CVE-2010-3001 [CRITICAL] CVE-2010-3001: Unspecified vulnerability in an ActiveX control in the Internet Explorer (IE) plugin in RealNetworks Unspecified vulnerability in an ActiveX control in the Internet Explorer (IE) plugin in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows has unknown impact and attack vectors related to "multiple browser windows."
nvd
CVE-2004-0550P4HIGHCVSS 7.5v10.02004-08-06
CVE-2004-0550 [HIGH] CVE-2004-0550: Buffer overflow in Real Networks RealPlayer 10 allows remote attackers to execute arbitrary code via Buffer overflow in Real Networks RealPlayer 10 allows remote attackers to execute arbitrary code via a URL with a large number of "." (period) characters.
nvd
CVE-2005-3677P4HIGHCVSS 7.5v10.0v10.5_6.0.12.1040+5 more2005-11-18
CVE-2005-3677 [HIGH] CVE-2005-3677: Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote attackers to execute arbitrary Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote attackers to execute arbitrary code via a crafted image in a RealPlayer Skin (RJS) file. NOTE: due to the lack of details, it is unclear how this is different than CVE-2005-2629 and CVE-2005-2630, but the vendor advisory implies that it is different.
nvd
CVE-2007-4904P4MEDIUMCVSS 4.3PoCv10.0.8v10.0.9+2 more2007-09-17
CVE-2007-4904 [MEDIUM] CWE-189 CVE-2007-4904: RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) a RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other platforms, allow user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error.
nvd
CVE-2005-0611P4MEDIUMCVSS 5.1v8.0v10.0+1 more2005-05-02
CVE-2005-0611 [MEDIUM] CVE-2005-0611: Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and Rea Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files.
nvd
CVE-2012-4987P4MEDIUMCVSS 6.8v15.0.5.1092012-11-04
CVE-2012-4987 [MEDIUM] CWE-119 CVE-2012-4987: Stack-based buffer overflow in RealNetworks RealPlayer 15.0.5.109 allows user-assisted remote attack Stack-based buffer overflow in RealNetworks RealPlayer 15.0.5.109 allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP file that triggers incorrect processing of long pathnames by the Watch Folders feature.
nvd
CVE-2012-2410P4MEDIUMCVSS 6.8≤ 15.0.5.109v2.1.2+32 more2012-09-12
CVE-2012-2410 [MEDIUM] CVE-2012-2410: Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Ma Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted RealMedia file, a different vulnerability than CVE-2012-2409.
nvd
Realnetworks Realplayer vulnerabilities | cvebase