Realnetworks Realplayer vulnerabilities
167 known vulnerabilities affecting realnetworks/realplayer.
Total CVEs
167
CISA KEV
0
Public exploits
24
Exploited in wild
1
Severity breakdown
CRITICAL118HIGH13MEDIUM32LOW4
Vulnerabilities
Page 9 of 9
CVE-2010-4396P4MEDIUMCVSS 4.3v11.0v11.0.1+6 more2010-12-14
CVE-2010-4396 [MEDIUM] CWE-20 CVE-2010-4396: Cross-zone scripting vulnerability in the HandleAction method in a certain ActiveX control in RealNe
Cross-zone scripting vulnerability in the HandleAction method in a certain ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 allows remote attackers to inject arbitrary web script or HTML in the Local Zone by specifying a local file in a NavigateToURL action, as demonstrated b
nvd
CVE-2007-6224P4MEDIUMCVSS 5.0v11.02007-12-04
CVE-2007-6224 [MEDIUM] CWE-20 CVE-2007-6224: The RealNetworks RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll, as shipped with RealPla
The RealNetworks RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll, as shipped with RealPlayer 11, allows remote attackers to cause a denial of service (browser crash) via a certain argument to the GetSourceTransport method.
nvd
CVE-2011-2947P4MEDIUMCVSS 4.3v11.0v11.1+6 more2011-08-18
CVE-2011-2947 [MEDIUM] CWE-79 CVE-2011-2947: Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0
Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document.
nvd
CVE-2017-9302P4MEDIUMCVSS 5.5v16.0.2.322017-05-29
CVE-2017-9302 [MEDIUM] CWE-369 CVE-2017-9302: RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and
RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file.
nvd
CVE-2005-2055P4MEDIUMCVSS 5.0v8.0v10.0+1 more2005-06-29
CVE-2005-2055 [MEDIUM] CVE-2005-2055: RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne Player v1 and v2 allows remote
RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne Player v1 and v2 allows remote malicious web server to create an arbitrary HTML file that executes an RM file via "default settings of earlier Internet Explorer browsers".
nvd
CVE-2002-0337P4MEDIUMCVSS 5.4v8.02002-06-25
CVE-2002-0337 [MEDIUM] CVE-2002-0337: RealPlayer 8 allows remote attackers to cause a denial of service (CPU utilization) via malformed .m
RealPlayer 8 allows remote attackers to cause a denial of service (CPU utilization) via malformed .mp3 files.
nvd
CVE-2002-0415P4LOWCVSS 1.7v6.02002-08-12
CVE-2002-0415 [LOW] CVE-2002-0415: Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other ver
Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. (dot dot) in an HTTP GET request to port 1275.
nvd
← Previous9 / 9