# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2011-4262 |
|
|
Exec Code |
2011-11-24 |
2012-03-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted MP4 file. |
2 |
CVE-2011-4261 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-11-24 |
2012-03-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted video dimensions in an MP4 file. |
3 |
CVE-2011-4260 |
94 |
|
Exec Code |
2011-11-24 |
2012-03-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file. |
4 |
CVE-2011-4259 |
189 |
|
Exec Code |
2011-11-24 |
2012-03-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Integer underflow in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted width value in an MPG file. |
5 |
CVE-2011-4258 |
94 |
|
Exec Code |
2011-11-24 |
2012-03-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted length of an MLTI chunk in an IVR file. |
6 |
CVE-2011-4257 |
94 |
|
Exec Code |
2011-11-24 |
2012-03-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via crafted channel data. |
7 |
CVE-2011-4256 |
94 |
|
Exec Code |
2011-11-24 |
2012-03-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown vectors. |
8 |
CVE-2011-4255 |
|
|
Exec Code |
2011-11-24 |
2012-03-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via an invalid codec name. |
9 |
CVE-2011-4254 |
94 |
|
Exec Code |
2011-11-24 |
2012-03-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted RTSP SETUP request. |
10 |
CVE-2011-4253 |
|
|
Exec Code |
2011-11-24 |
2012-03-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the RV20 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors. |
11 |
CVE-2011-4252 |
94 |
|
Exec Code |
2011-11-24 |
2012-03-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via a crafted sample height. |
12 |
CVE-2011-4251 |
94 |
|
Exec Code |
2011-11-24 |
2012-03-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted sample size in a RealAudio file. |
13 |
CVE-2011-4250 |
|
|
Exec Code |
2011-11-24 |
2012-03-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the ATRC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors. |
14 |
CVE-2011-4249 |
20 |
|
Exec Code |
2011-11-24 |
2012-03-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Array index error in the RV30 codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors. |
15 |
CVE-2011-4248 |
94 |
|
Exec Code |
2011-11-24 |
2012-03-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed AAC file. |
16 |
CVE-2011-4247 |
94 |
|
Exec Code |
2011-11-24 |
2012-03-08 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted QCELP stream. |
17 |
CVE-2011-4246 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-11-24 |
2011-11-24 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. |
18 |
CVE-2011-4245 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-11-24 |
2012-03-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The RealVideo renderer in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. |
19 |
CVE-2011-4244 |
119 |
|
Exec Code Overflow |
2011-11-24 |
2012-03-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Heap-based buffer overflow in the RealVideo renderer in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors. |
20 |
CVE-2011-2955 |
399 |
|
Exec Code |
2011-08-18 |
2011-10-06 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via vectors related to a modal dialog. |
21 |
CVE-2011-2954 |
399 |
|
Exec Code |
2011-08-18 |
2011-10-06 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in the AutoUpdate feature in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via unspecified vectors. |
22 |
CVE-2011-2953 |
119 |
|
Exec Code Overflow |
2011-08-18 |
2011-10-06 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
An unspecified ActiveX control in the browser plugin in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors, related to an out-of-bounds condition. |
23 |
CVE-2011-2952 |
399 |
|
Exec Code |
2011-08-18 |
2011-10-06 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via vectors related to a dialog box. |
24 |
CVE-2011-2951 |
119 |
|
Exec Code Overflow |
2011-08-18 |
2011-10-06 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.0.0.1569 allows remote attackers to execute arbitrary code via a crafted raw_data_frame field in an AAC file. |
25 |
CVE-2011-2950 |
119 |
|
Exec Code Overflow |
2011-08-18 |
2012-02-14 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Heap-based buffer overflow in qcpfformat.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted QCP file. |
26 |
CVE-2011-2949 |
119 |
|
Exec Code Overflow |
2011-08-18 |
2011-10-06 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via crafted ID3v2 tags in an MP3 file. |
27 |
CVE-2011-2948 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-08-18 |
2011-10-06 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.0 through 2.1.5, and Mac RealPlayer 12.0.0.1569 do not properly handle DEFINEFONT fields in SWF files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted file. |
28 |
CVE-2011-2946 |
|
|
Exec Code |
2011-08-18 |
2011-10-06 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors. |
29 |
CVE-2011-2945 |
119 |
|
Exec Code Overflow |
2011-08-18 |
2011-10-06 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted SIPR stream. |
30 |
CVE-2011-1525 |
119 |
1
|
Exec Code Overflow |
2011-04-06 |
2018-10-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted frame in an Internet Video Recording (IVR) file. |
31 |
CVE-2011-1426 |
|
|
Exec Code |
2011-04-18 |
2018-10-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
The OpenURLInDefaultBrowser method in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, launches a default handler for the filename specified in the first argument, which allows remote attackers to execute arbitrary code via a .rnx filename corresponding to a crafted RNX file. |
32 |
CVE-2011-0694 |
|
|
Exec Code |
2011-02-21 |
2018-10-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and 14.0.0 through 14.0.1, and Enterprise 2.0 through 2.1.4, uses predictable names for temporary files, which allows remote attackers to conduct cross-domain scripting attacks and execute arbitrary code via the OpenURLinPlayerBrowser function. |
33 |
CVE-2010-4596 |
119 |
|
Exec Code Overflow |
2011-04-04 |
2011-04-06 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Stack-based buffer overflow in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via a long string in an RTSP request. |
34 |
CVE-2010-4393 |
119 |
|
Exec Code Overflow |
2011-01-31 |
2017-08-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Heap-based buffer overflow in vidplin.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.x before 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted header in an AVI file. |
35 |
CVE-2010-4235 |
134 |
|
Exec Code |
2011-04-04 |
2011-04-06 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header. |