CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Realnetworks : Security Vulnerabilities (Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-3444 94 DoS Exec Code 2014-05-20 2014-05-20
9.3
None Remote Medium Not required Complete Complete Complete
The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and application crash) via a malformed .3gp file.
2 CVE-2013-4974 119 DoS Exec Code Overflow Mem. Corr. 2013-08-26 2013-09-11
9.3
None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed RealMedia file.
3 CVE-2013-3299 20 DoS 2013-07-06 2013-07-08
4.3
None Remote Medium Not required None None Partial
RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers to cause a denial of service (resource consumption or application crash) via an HTML document containing JavaScript code that constructs a long string.
4 CVE-2012-3234 189 DoS 2012-09-12 2013-03-21
7.5
None Remote Low Not required Partial Partial Partial
RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 do not properly handle codec frame sizes in RealAudio files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) or possibly have unspecified other impact via a crafted file.
5 CVE-2012-2410 119 DoS Overflow 2012-09-12 2013-03-21
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted RealMedia file, a different vulnerability than CVE-2012-2409.
6 CVE-2012-2409 119 DoS Overflow 2012-09-12 2013-03-21
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted RealMedia file, a different vulnerability than CVE-2012-2410.
7 CVE-2012-2408 119 DoS Overflow Mem. Corr. 2012-09-12 2013-03-21
6.8
None Remote Medium Not required Partial Partial Partial
The AAC SDK in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted AAC file that is not properly handled during decoding.
8 CVE-2012-2407 119 DoS Overflow 2012-09-12 2013-03-21
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted AAC file that is not properly handled during stream-data unpacking.
9 CVE-2012-2268 20 DoS 2012-04-17 2012-08-13
5.0
None Remote Low Not required None None Partial
master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted Open-PDU request that triggers incorrect DisplayString processing, a different vulnerability than CVE-2012-1923.
10 CVE-2012-2267 264 DoS 2012-04-17 2013-09-04
5.0
None Remote Low Not required None None Partial
master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (daemon crash) by establishing and closing a port-705 TCP connection, a different vulnerability than CVE-2012-1923.
11 CVE-2012-1985 352 DoS CSRF 2012-04-17 2012-08-13
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to hijack the authentication of administrators for requests that cause a denial of service (stack consumption and daemon crash) via a malformed URL.
12 CVE-2012-1904 119 1 DoS Overflow Mem. Corr. 2012-03-28 2012-08-24
4.3
None Remote Medium Not required None None Partial
mp4fformat.dll in the QuickTime File Format plugin in RealNetworks RealPlayer 15 and earlier, and RealPlayer SP 1.1.4 Build 12.0.0.756 and earlier, allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP4 file.
13 CVE-2011-4261 119 DoS Exec Code Overflow Mem. Corr. 2011-11-24 2012-03-08
9.3
None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted video dimensions in an MP4 file.
14 CVE-2011-4246 119 DoS Exec Code Overflow Mem. Corr. 2011-11-24 2011-11-24
10.0
None Remote Low Not required Complete Complete Complete
The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
15 CVE-2011-4245 119 DoS Exec Code Overflow Mem. Corr. 2011-11-24 2012-03-08
10.0
None Remote Low Not required Complete Complete Complete
The RealVideo renderer in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
16 CVE-2011-2948 119 DoS Exec Code Overflow Mem. Corr. 2011-08-18 2011-10-05
9.3
None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.0 through 2.1.5, and Mac RealPlayer 12.0.0.1569 do not properly handle DEFINEFONT fields in SWF files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted file.
17 CVE-2010-4387 119 DoS Exec Code Overflow Mem. Corr. 2010-12-14 2011-01-19
9.3
None Remote Medium Not required Complete Complete Complete
The RealAudio codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted audio stream in a RealMedia file.
18 CVE-2010-4386 119 DoS Exec Code Overflow Mem. Corr. 2010-12-14 2011-01-26
9.3
None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted RealMedia video file.
19 CVE-2010-4378 119 DoS Exec Code Overflow Mem. Corr. 2010-12-14 2011-01-26
9.3
None Remote Medium Not required Complete Complete Complete
The drv2.dll (aka RV20 decompression) module in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.1.2 and 2.1.3, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted value of an unspecified length field in an RV20 video stream.
20 CVE-2010-3747 119 DoS Exec Code Overflow 2010-10-18 2011-09-21
9.3
None Remote Medium Not required Complete Complete Complete
An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during parsing of a CDDA URI, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and application crash) via a long URI.
21 CVE-2010-2999 189 DoS Exec Code Overflow Mem. Corr. 2010-12-14 2011-01-19
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.0.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed MLLT atom in an AAC file.
22 CVE-2010-2997 399 DoS Exec Code Mem. Corr. 2010-12-14 2011-01-26
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.0.1, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted StreamTitle tag in an ICY SHOUTcast stream, related to the SMIL file format.
23 CVE-2010-0417 119 DoS Exec Code Overflow Mem. Corr. 2010-02-18 2010-08-21
5.0
None Remote Low Not required None None Partial
Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption.
24 CVE-2010-0416 119 DoS Exec Code Overflow 2010-02-18 2010-08-21
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.
25 CVE-2009-4248 119 DoS Exec Code Overflow 2010-01-25 2010-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.
26 CVE-2009-4247 119 DoS Exec Code Overflow 2010-01-25 2010-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x, 11.0.0, and 11.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an ASM RuleBook with a large number of rules, related to an "array overflow."
27 CVE-2009-4245 119 DoS Exec Code Overflow 2010-01-25 2010-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp.
28 CVE-2009-2534 20 1 DoS 2009-07-20 2009-08-12
5.0
None Remote Low Not required None None Partial
RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allow remote attackers to cause a denial of service (daemon crash) via an RTSP SETUP request that (1) specifies the / URI or (2) lacks a / character in the URI.
29 CVE-2009-2533 20 1 DoS 2009-07-20 2009-08-12
5.0
None Remote Low Not required None None Partial
rmserver in RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allows remote attackers to cause a denial of service (daemon exit) via multiple RTSP SET_PARAMETER requests with empty DataConvertBuffer headers.
30 CVE-2008-5911 119 DoS Exec Code Overflow 2009-01-20 2009-01-23
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in RealNetworks Helix Server and Helix Mobile Server 11.x before 11.1.8 and 12.x before 12.0.1 allow remote attackers to (1) cause a denial of service via three crafted RTSP SETUP commands, or execute arbitrary code via (2) an NTLM authentication request with malformed base64-encoded data, (3) an RTSP DESCRIBE command, or (4) a DataConvertBuffer request.
31 CVE-2008-1309 399 1 DoS Exec Code 2008-03-12 2011-06-16
9.3
None Remote Medium Not required Complete Complete Complete
The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory.
32 CVE-2007-6235 20 1 DoS 2007-12-04 2008-09-05
5.0
None Remote Low Not required None None Partial
A certain ActiveX control in RealNetworks RealPlayer 11 allows remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error. NOTE: this might be related to CVE-2007-4904.
33 CVE-2007-4904 189 DoS 2007-09-17 2008-11-15
4.3
None Remote Medium Not required None None Partial
RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other platforms, allow user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error.
34 CVE-2007-2497 1 DoS 2007-05-03 2008-11-13
7.8
None Remote Low Not required None None Complete
RealNetworks RealPlayer 10 Gold allows remote attackers to cause a denial of service (memory consumption) via a certain .ra file. NOTE: this issue was referred to as a "memory leak," but it is not clear if this is correct.
35 CVE-2006-6847 DoS 2006-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the RealPlayer.OpenURLInPlayerBrowser method with a long second argument.
36 CVE-2006-6759 1 DoS 2006-12-26 2008-09-05
5.0
None Remote Low Not required None None Partial
A certain ActiveX control in rpau3260.dll in RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer crash) by invoking the RealPlayer.Initialize method with certain arguments.
37 CVE-2006-6026 119 1 DoS Exec Code Overflow 2006-11-21 2011-10-18
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE request that contains an invalid LoadTestPassword field.
38 CVE-2005-2922 119 DoS Exec Code Overflow 2005-12-31 2011-10-17
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.
39 CVE-2004-1416 DoS Exec Code 2004-12-31 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as used in Internet Explorer, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embed tag.
40 CVE-2004-0774 DoS 2004-11-03 2008-09-05
7.8
None Remote Low Not required None None Complete
RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for Windows allows remote attackers to cause a denial of service (CPU and memory exhaustion) via a POST request with a Content-Length header set to -1.
41 CVE-2004-0389 DoS 2004-06-01 2008-09-10
7.8
None Remote Low Not required None None Complete
RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference, as demonstrated using (1) GET_PARAMETER or (2) DESCRIBE requests.
42 CVE-2004-0049 DoS 2004-02-17 2008-09-05
6.8
None Remote Low Single system None None Complete
Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote attackers to cause a denial of service via certain HTTP POST messages to the Administration System port.
43 CVE-2003-1117 DoS Exec Code Overflow 2003-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem Proxy 8.x, related to URL error handling, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
44 CVE-2002-0337 DoS 2002-06-25 2008-09-05
5.4
None Remote High Not required None None Complete
RealPlayer 8 allows remote attackers to cause a denial of service (CPU utilization) via malformed .mp3 files.
45 CVE-2000-0474 DoS 2000-06-01 2008-09-10
7.8
None Remote Low Not required None None Complete
Real Networks RealServer 7.x allows remote attackers to cause a denial of service via a malformed request for a page in the viewsource directory.
46 CVE-2000-0280 DoS Overflow 2000-04-03 2008-09-05
2.6
None Remote High Not required None None Partial
Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to cause a denial of service via a long Location URL.
47 CVE-2000-0272 DoS 2000-04-20 2008-09-10
7.8
None Remote Low Not required None None Complete
RealNetworks RealServer allows remote attackers to cause a denial of service by sending malformed input to the server at port 7070.
48 CVE-2000-0001 DoS 1999-12-23 2008-09-10
5.0
None Remote Low Not required None None Partial
RealMedia server allows remote attackers to cause a denial of service via a long ramgen request.
49 CVE-1999-1045 DoS 1998-01-15 2008-09-05
7.8
None Remote Low Not required None None Complete
pnserver in RealServer 5.0 and earlier allows remote attackers to cause a denial of service by sending a short, malformed request.
Total number of vulnerabilities : 49   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.