Search Results (218 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-3749 1 Realnetworks 2 Realplayer, Realplayer Sp 2025-04-11 N/A
The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a " (double quote) in an argument to the RecordClip method, aka "parameter injection."
CVE-2010-3750 1 Realnetworks 2 Realplayer, Realplayer Sp 2025-04-11 N/A
rjrmrpln.dll in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly validate file contents that are used during interaction with a heap buffer, which allows remote attackers to execute arbitrary code via crafted Name Value Property (NVP) elements in logical streams in a media file.
CVE-2010-3751 1 Realnetworks 2 Realplayer, Realplayer Sp 2025-04-11 N/A
Multiple heap-based buffer overflows in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 allow remote attackers to execute arbitrary code via a long .smil argument to the (1) tfile, (2) pnmm, or (3) cdda protocol handler.
CVE-2010-0125 2 Apple, Realnetworks 3 Mac Os X, Realplayer, Realplayer Sp 2025-04-11 N/A
RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 do not properly parse spectral data in AAC files, which has unspecified impact and remote attack vectors.
CVE-2010-0416 2 Realnetworks, Redhat 3 Helix Player, Realplayer, Enterprise Linux 2025-04-11 N/A
Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.
CVE-2010-0417 2 Realnetworks, Redhat 3 Helix Player, Realplayer, Enterprise Linux 2025-04-11 N/A
Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption.
CVE-2010-4235 1 Realnetworks 2 Helix Mobile Server, Helix Server 2025-04-11 N/A
Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header.
CVE-2012-2411 1 Realnetworks 2 Realplayer, Realplayer Sp 2025-04-11 N/A
Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RealJukebox Media file.
CVE-2010-4375 4 Apple, Linux, Realnetworks and 1 more 4 Mac Os X, Linux Kernel, Realplayer and 1 more 2025-04-11 N/A
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via malformed multi-rate data in an audio stream.
CVE-2010-4379 4 Apple, Linux, Realnetworks and 1 more 5 Mac Os X, Linux Kernel, Realplayer and 2 more 2025-04-11 N/A
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to have an unspecified impact via a crafted SIPR file.
CVE-2010-4388 1 Realnetworks 2 Realplayer, Realplayer Sp 2025-04-11 N/A
The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors.
CVE-2010-4389 2 Linux, Realnetworks 3 Linux Kernel, Realplayer, Realplayer Sp 2025-04-11 N/A
Heap-based buffer overflow in the cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via unspecified data in the initialization buffer.
CVE-2010-4390 2 Linux, Realnetworks 3 Linux Kernel, Realplayer, Realplayer Sp 2025-04-11 N/A
Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allow remote attackers to have an unspecified impact via a crafted header in an IVR file.
CVE-2022-32291 1 Realnetworks 1 Realplayer 2024-11-21 8.8 High
In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file.
CVE-2022-32271 1 Realnetworks 1 Realplayer 2024-11-21 9.6 Critical
In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary local files.
CVE-2022-32270 1 Realnetworks 1 Realplayer 2024-11-21 9.8 Critical
In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur).
CVE-2022-32269 1 Realnetworks 1 Realplayer 2024-11-21 9.8 Critical
In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). This leads to arbitrary code execution.
CVE-2018-13121 1 Realnetworks 1 Realone Player 2024-11-21 N/A
RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file.