| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2012-2268 |
20 |
|
DoS |
2012-04-17 |
2012-08-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted Open-PDU request that triggers incorrect DisplayString processing, a different vulnerability than CVE-2012-1923. |
|
2 |
CVE-2012-2267 |
264 |
|
DoS |
2012-04-17 |
2012-08-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (daemon crash) by establishing and closing a port-705 TCP connection, a different vulnerability than CVE-2012-1923. |
|
3 |
CVE-2010-2579 |
|
|
|
2010-12-14 |
2011-01-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 does not properly initialize the number of channels, which allows attackers to obtain unspecified "memory access" via unknown vectors. |
|
4 |
CVE-2010-0417 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2010-02-18 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption. |
|
5 |
CVE-2009-2534 |
20 |
1
|
DoS |
2009-07-20 |
2009-08-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allow remote attackers to cause a denial of service (daemon crash) via an RTSP SETUP request that (1) specifies the / URI or (2) lacks a / character in the URI. |
|
6 |
CVE-2009-2533 |
20 |
1
|
DoS |
2009-07-20 |
2009-08-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
rmserver in RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allows remote attackers to cause a denial of service (daemon exit) via multiple RTSP SET_PARAMETER requests with empty DataConvertBuffer headers. |
|
7 |
CVE-2007-6235 |
20 |
1
|
DoS |
2007-12-04 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A certain ActiveX control in RealNetworks RealPlayer 11 allows remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error. NOTE: this might be related to CVE-2007-4904. |
|
8 |
CVE-2006-6847 |
|
|
DoS |
2006-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the RealPlayer.OpenURLInPlayerBrowser method with a long second argument. |
|
9 |
CVE-2006-6759 |
|
1
|
DoS |
2006-12-26 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A certain ActiveX control in rpau3260.dll in RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer crash) by invoking the RealPlayer.Initialize method with certain arguments. |
|
10 |
CVE-2005-2710 |
|
|
Exec Code |
2005-09-27 |
2010-08-21 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file. |
|
11 |
CVE-2005-2630 |
|
|
Exec Code Overflow |
2005-11-18 |
2008-09-05 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and 10.5 and RealOne Player 1 and 2 allows remote attackers to execute arbitrary code via a crafted RealPlayer Skin (RJS) file, a different vulnerability than CVE-2004-1094. |
|
12 |
CVE-2005-2629 |
|
|
Exec Code Overflow |
2005-11-18 |
2010-08-21 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, which leads to a stack-based buffer overflow, a different vulnerability than CVE-2004-1481. |
|
13 |
CVE-2005-2055 |
|
|
|
2005-06-29 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne Player v1 and v2 allows remote malicious web server to create an arbitrary HTML file that executes an RM file via "default settings of earlier Internet Explorer browsers". |
|
14 |
CVE-2005-2054 |
|
|
|
2005-06-29 |
2008-09-05 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and RealOne Player v1 and v2 allows remote attackers to overwrite arbitrary files or execute arbitrary ActiveX controls via a crafted MP3 file. |
|
15 |
CVE-2005-2052 |
|
|
Exec Code Overflow |
2005-06-28 |
2008-09-05 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 (6.0.12.1040 through 1069), RealOne Player v1 and v2, RealPlayer 8 and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an .avi file with a modified strf structure value. |
|
16 |
CVE-2005-1766 |
|
|
Exec Code Overflow |
2005-06-28 |
2010-08-21 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 6.0.12.1056 on Windows, and 10, 10.0.1.436, and other versions before 10.0.5 on Linux, allows remote attackers to execute arbitrary code via a RealMedia file with a long RealText string, such as an SMIL file. |
|
17 |
CVE-2005-0755 |
|
|
Exec Code Overflow |
2005-04-19 |
2010-08-21 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player before 10.0.4, and RealOne Player v1 and v2 allows remote attackers to execute arbitrary code via a long hostname in a RAM file. |
|
18 |
CVE-2005-0611 |
|
|
Exec Code Overflow |
2005-05-02 |
2010-08-21 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files. |
|
19 |
CVE-2005-0455 |
|
|
Exec Code Overflow |
2005-05-02 |
2010-08-21 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value. |
|
20 |
CVE-2005-0347 |
|
|
Exec Code Overflow |
2005-05-02 |
2008-09-05 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in RealArcade 1.2.0.994 and earlier allows remote attackers to execute arbitrary code via an RGS file with an invalid size string for the GUID and game name, which leads to a buffer overflow. |
|
21 |
CVE-2005-0191 |
|
|
Exec Code Overflow |
2005-01-19 |
2008-09-05 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Off-by-one buffer overflow in the processing of tags in Real Metadata Package (RMP) files in RealPlayer 10.5 (6.0.12.1040) and earlier could allow remote attackers to execute arbitrary code via a long tag. |
|
22 |
CVE-2004-1798 |
|
|
|
2004-12-31 |
2008-09-05 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726. |
|
23 |
CVE-2004-1481 |
|
|
Exec Code Overflow |
2004-12-31 |
2008-09-05 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow. |
|
24 |
CVE-2004-1416 |
|
|
DoS Exec Code |
2004-12-31 |
2008-09-05 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as used in Internet Explorer, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embed tag. |
|
25 |
CVE-2004-0387 |
|
|
Exec Code Overflow |
2004-06-01 |
2008-09-05 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer 8, RealOne Player, RealOne Player 10 beta, and RealOne Player Enterprise, allows remote attackers to execute arbitrary code via a malformed .R3T file. |
|
26 |
CVE-2003-0726 |
|
|
|
2003-10-20 |
2008-09-05 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag. |
|
27 |
CVE-2003-0141 |
|
|
|
2003-04-02 |
2008-09-05 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length. |
|
28 |
CVE-2002-0337 |
|
|
DoS |
2002-06-25 |
2008-09-05 |
5.4 |
None |
Remote |
High |
Not required |
None |
None |
Complete |
|
RealPlayer 8 allows remote attackers to cause a denial of service (CPU utilization) via malformed .mp3 files. |
|
29 |
CVE-2000-1181 |
|
|
+Info |
2001-01-09 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Real Networks RealServer 7 and earlier allows remote attackers to obtain portions of RealServer's memory contents, possibly including sensitive information, by accessing the /admin/includes/ URL. |
|
30 |
CVE-2000-0185 |
|
|
|
2000-03-08 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
RealMedia RealServer reveals the real IP address of a Real Server, even if the address is supposed to be private. |
|
31 |
CVE-2000-0001 |
|
|
DoS |
1999-12-23 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
RealMedia server allows remote attackers to cause a denial of service via a long ramgen request. |
