cvebase

RealNetworks RealPlayer vulnerabilities

167 known vulnerabilities affecting realnetworks/realplayer.

Total CVEs: 167
CISA KEV: 0
Public exploits: 24
Exploited in wild: 1
Severity breakdown: CRITICAL 118, HIGH 13, MEDIUM 32, LOW 4

Vulnerabilities

Page 8 of 9
CVE-2005-1766 | P4 | MEDIUM | CVSS 5.1 | ≤ 10.0.5 | 2005-06-28
CVE-2005-1766 [MEDIUM]: Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 6.0.12.1056 on Windows, and 10, 10.0.1.436, and other versions before 10.0.5 on Linux, allows remote attackers to execute arbitrary code via a RealMedia file with a long RealText string, such as an SMIL file.
nvd
CVE-2002-1321 | P4 | HIGH | CVSS 7.5 | v6.0, v7.0, +1 more | 2002-12-11
CVE-2002-1321 [HIGH]: Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain "Now Playing" options on a downloaded file with a long filename.
nvd
CVE-2012-3234 | P4 | HIGH | CVSS 7.5 | ≤ 15.0.5.109, v2.1.2, +32 more | 2012-09-12
CVE-2012-3234 [HIGH] CWE-189: RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 do not properly handle codec frame sizes in RealAudio files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) or possibly have unspecified other impact via a crafted file.
nvd
CVE-2005-2630 | P4 | MEDIUM | CVSS 5.1 | v8.0, v10.0, +7 more | 2005-11-18
CVE-2005-2630 [MEDIUM]: Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and 10.5 and RealOne Player 1 and 2 allows remote attackers to execute arbitrary code via a crafted RealPlayer Skin (RJS) file, a different vulnerability than CVE-2004-1094.
nvd
CVE-2005-4126 | P4 | HIGH | CVSS 7.5 | v6.0, v7.0, +12 more | 2005-12-09
CVE-2005-4126 [HIGH]: ** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPlayer allows attackers to execute arbitrary code. NOTE: the information regarding this issue is extremely vague and does not provide any verifiable information. It has b
nvd
CVE-2012-2408 | P4 | MEDIUM | CVSS 6.8 | ≤ 15.0.5.109, v2.1.2, +32 more | 2012-09-12
CVE-2012-2408 [MEDIUM] CWE-119: The AAC SDK in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted AAC file that is not properly handled during decoding.
nvd
CVE-2004-1481 | P4 | MEDIUM | CVSS 5.1 | v8.0, v10.0, +4 more | 2004-12-31
CVE-2004-1481 [MEDIUM]: Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow.
nvd
CVE-2005-0755 | P4 | MEDIUM | CVSS 5.1 | v8.0, v10.0, +1 more | 2005-04-19
CVE-2005-0755 [MEDIUM]: Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player before 10.0.4, and RealOne Player v1 and v2 allows remote attackers to execute arbitrary code via a long hostname in a RAM file.
nvd
CVE-2004-0387 | P4 | MEDIUM | CVSS 5.1 | v8.0 | 2004-06-01
CVE-2004-0387 [MEDIUM]: Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer 8, RealOne Player, RealOne Player 10 beta, and RealOne Player Enterprise, allows remote attackers to execute arbitrary code via a malformed .R3T file.
nvd
CVE-2005-2936 | P4 | HIGH | CVSS 7.2 | v8.0, v10.0, +2 more | 2005-11-18
CVE-2005-2936 [HIGH] CWE-264: Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might allow local users to gain privileges via a malicious C:\program.exe file.
nvd
CVE-2005-2052 | P4 | MEDIUM | CVSS 5.1 | v8.0, v10.0, +2 more | 2005-06-28
CVE-2005-2052 [MEDIUM]: Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 (6.0.12.1040 through 1069), RealOne Player v1 and v2, RealPlayer 8 and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an .avi file with a modified strf structure value.
nvd
CVE-2005-2054 | P4 | MEDIUM | CVSS 5.1 | v10.0, v10.5_6.0.12.1040_1069 | 2005-06-29
CVE-2005-2054 [MEDIUM]: Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and RealOne Player v1 and v2 allows remote attackers to overwrite arbitrary files or execute arbitrary ActiveX controls via a crafted MP3 file.
nvd
CVE-2005-0190 | P4 | LOW | CVSS 2.6 | v10.0, v10.0_6.0.12.690, +4 more | 2004-09-29
CVE-2005-0190 [LOW]: Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension.
nvd
CVE-2005-0191 | P4 | MEDIUM | CVSS 5.1 | v10.0, v10.0_6.0.12.690, +4 more | 2005-01-19
CVE-2005-0191 [MEDIUM]: Off-by-one buffer overflow in the processing of tags in Real Metadata Package (RMP) files in RealPlayer 10.5 (6.0.12.1040) and earlier could allow remote attackers to execute arbitrary code via a long tag.
nvd
CVE-2003-0141 | P4 | MEDIUM | CVSS 5.1 | v8.0 | 2003-04-02
CVE-2003-0141 [MEDIUM]: The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length.
nvd
CVE-2004-1798 | P4 | MEDIUM | CVSS 5.1 | v8.0 | 2004-12-31
CVE-2004-1798 [MEDIUM]: RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726.
nvd
CVE-2010-2579 | P4 | MEDIUM | CVSS 5.0 | v11.0, v11.0.1, +6 more | 2010-12-14
CVE-2010-2579 [MEDIUM]: The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 does not properly initialize the number of channels, which allows attackers to obtain unspecified "memory access" via unknown vectors.
nvd
CVE-2010-4388 | P4 | MEDIUM | CVSS 4.3 | v11.0, v11.0.1, +7 more | 2010-12-14
CVE-2010-4388 [MEDIUM] CWE-20: The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary A
nvd
CVE-2005-0192 | P4 | LOW | CVSS 2.6 | v10.0, v10.5 | 2004-10-06
CVE-2005-0192 [LOW]: Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename.
nvd
CVE-2011-1221 | P4 | MEDIUM | CVSS 4.3 | v11.0, v11.1, +12 more | 2011-10-04
CVE-2011-1221 [MEDIUM] CWE-79: Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document, a different vulnerability th
nvd