Filtered by vendor Realnetworks
Subscribe
Total
217 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-4260 | 1 Realnetworks | 1 Realplayer | 2024-02-28 | 9.3 HIGH | N/A |
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file. | |||||
CVE-2011-4258 | 1 Realnetworks | 1 Realplayer | 2024-02-28 | 9.3 HIGH | N/A |
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted length of an MLTI chunk in an IVR file. | |||||
CVE-2011-2950 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2024-02-28 | 9.3 HIGH | N/A |
Heap-based buffer overflow in qcpfformat.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted QCP file. | |||||
CVE-2010-4380 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2024-02-28 | 9.3 HIGH | N/A |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via a crafted SOUND file. | |||||
CVE-2011-2955 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2024-02-28 | 9.3 HIGH | N/A |
Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via vectors related to a modal dialog. | |||||
CVE-2011-2953 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2024-02-28 | 10.0 HIGH | N/A |
An unspecified ActiveX control in the browser plugin in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors, related to an out-of-bounds condition. | |||||
CVE-2011-1525 | 1 Realnetworks | 1 Realplayer | 2024-02-28 | 9.3 HIGH | N/A |
Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted frame in an Internet Video Recording (IVR) file. | |||||
CVE-2011-4248 | 1 Realnetworks | 1 Realplayer | 2024-02-28 | 9.3 HIGH | N/A |
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed AAC file. | |||||
CVE-2010-3001 | 2 Microsoft, Realnetworks | 3 Windows, Realplayer, Realplayer Sp | 2024-02-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in an ActiveX control in the Internet Explorer (IE) plugin in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows has unknown impact and attack vectors related to "multiple browser windows." | |||||
CVE-2010-2579 | 3 Apple, Linux, Realnetworks | 4 Mac Os X, Linux Kernel, Realplayer and 1 more | 2024-02-28 | 5.0 MEDIUM | N/A |
The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 does not properly initialize the number of channels, which allows attackers to obtain unspecified "memory access" via unknown vectors. | |||||
CVE-2011-4246 | 1 Realnetworks | 1 Realplayer | 2024-02-28 | 10.0 HIGH | N/A |
The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
CVE-2010-3749 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2024-02-28 | 9.3 HIGH | N/A |
The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a " (double quote) in an argument to the RecordClip method, aka "parameter injection." | |||||
CVE-2011-4250 | 1 Realnetworks | 1 Realplayer | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in the ATRC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
CVE-2009-4241 | 3 Apple, Microsoft, Realnetworks | 6 Mac Os X, Windows, Helix Player and 3 more | 2024-02-28 | 9.3 HIGH | N/A |
Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption. | |||||
CVE-2010-4394 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2024-02-28 | 9.3 HIGH | N/A |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.5 allows remote web servers to execute arbitrary code via a long Server header in a response to an HTTP request that occurs during parsing of a RealPix file. | |||||
CVE-2010-4379 | 3 Apple, Linux, Realnetworks | 4 Mac Os X, Linux Kernel, Realplayer and 1 more | 2024-02-28 | 9.3 HIGH | N/A |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to have an unspecified impact via a crafted SIPR file. | |||||
CVE-2010-4396 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-zone scripting vulnerability in the HandleAction method in a certain ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 allows remote attackers to inject arbitrary web script or HTML in the Local Zone by specifying a local file in a NavigateToURL action, as demonstrated by a local skin file. | |||||
CVE-2010-4395 | 2 Linux, Realnetworks | 3 Linux Kernel, Realplayer, Realplayer Sp | 2024-02-28 | 9.3 HIGH | N/A |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a crafted conditional component in AAC frame data. | |||||
CVE-2010-3750 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2024-02-28 | 9.3 HIGH | N/A |
rjrmrpln.dll in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly validate file contents that are used during interaction with a heap buffer, which allows remote attackers to execute arbitrary code via crafted Name Value Property (NVP) elements in logical streams in a media file. | |||||
CVE-2012-0928 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2024-02-28 | 9.3 HIGH | N/A |
The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows remote attackers to execute arbitrary code via a crafted ATRAC audio file. |