In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file.
Max CVSS
8.8
EPSS Score
0.28%
Published
2022-06-05
Updated
2022-06-14
RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file.
Max CVSS
5.5
EPSS Score
0.09%
Published
2018-07-03
Updated
2018-09-04
RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file.
Max CVSS
5.5
EPSS Score
0.12%
Published
2017-05-29
Updated
2017-06-08
Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file.
Max CVSS
5.5
EPSS Score
0.10%
Published
2016-10-28
Updated
2016-11-29

CVE-2013-7260

Public exploit
Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877.
Max CVSS
7.5
EPSS Score
96.74%
Published
2014-01-03
Updated
2020-05-11
RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers to cause a denial of service (resource consumption or application crash) via an HTML document containing JavaScript code that constructs a long string.
Max CVSS
4.3
EPSS Score
0.25%
Published
2013-07-06
Updated
2013-07-08
RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses weak permissions (Create Files/Write Data) for the GameHouse Games directory tree, which allows local users to gain privileges via a Trojan horse DLL in an individual game's directory, as demonstrated by DDRAW.DLL in the Zuma Deluxe directory.
Max CVSS
7.2
EPSS Score
0.12%
Published
2015-01-12
Updated
2015-01-13
Stack-based buffer overflow in RealNetworks RealPlayer 15.0.5.109 allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP file that triggers incorrect processing of long pathnames by the Watch Folders feature.
Max CVSS
6.8
EPSS Score
25.81%
Published
2012-11-04
Updated
2017-08-29
RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 do not properly handle codec frame sizes in RealAudio files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) or possibly have unspecified other impact via a crafted file.
Max CVSS
7.5
EPSS Score
0.40%
Published
2012-09-12
Updated
2017-08-29
Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted RealMedia file, a different vulnerability than CVE-2012-2409.
Max CVSS
6.8
EPSS Score
0.30%
Published
2012-09-12
Updated
2017-08-29
Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted RealMedia file, a different vulnerability than CVE-2012-2410.
Max CVSS
7.5
EPSS Score
0.39%
Published
2012-09-12
Updated
2017-08-29
The AAC SDK in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted AAC file that is not properly handled during decoding.
Max CVSS
6.8
EPSS Score
0.28%
Published
2012-09-12
Updated
2017-08-29
Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted AAC file that is not properly handled during stream-data unpacking.
Max CVSS
7.5
EPSS Score
0.39%
Published
2012-09-12
Updated
2017-08-29
master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted Open-PDU request that triggers incorrect DisplayString processing, a different vulnerability than CVE-2012-1923.
Max CVSS
5.0
EPSS Score
0.75%
Published
2012-04-17
Updated
2017-12-29
master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (daemon crash) by establishing and closing a port-705 TCP connection, a different vulnerability than CVE-2012-1923.
Max CVSS
5.0
EPSS Score
1.23%
Published
2012-04-17
Updated
2017-12-29
Cross-site request forgery (CSRF) vulnerability in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to hijack the authentication of administrators for requests that cause a denial of service (stack consumption and daemon crash) via a malformed URL.
Max CVSS
6.8
EPSS Score
0.26%
Published
2012-04-17
Updated
2017-12-29
Multiple cross-site scripting (XSS) vulnerabilities in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.24%
Published
2012-04-17
Updated
2017-12-29
mp4fformat.dll in the QuickTime File Format plugin in RealNetworks RealPlayer 15 and earlier, and RealPlayer SP 1.1.4 Build 12.0.0.756 and earlier, allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP4 file.
Max CVSS
4.3
EPSS Score
0.70%
Published
2012-03-28
Updated
2012-08-25
Buffer overflow in rn5auth.dll in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to execute arbitrary code via crafted authentication credentials.
Max CVSS
7.5
EPSS Score
96.49%
Published
2012-04-17
Updated
2017-12-29
Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document.
Max CVSS
4.3
EPSS Score
0.34%
Published
2011-08-18
Updated
2011-10-06
Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document, a different vulnerability than CVE-2011-2947.
Max CVSS
4.3
EPSS Score
0.11%
Published
2011-10-04
Updated
2012-05-14
Untrusted search path vulnerability in RealPlayer SP 1.1.5 12.0.0.879 allows local users to gain privileges via a Trojan horse rio500.dll file in the current working directory, as demonstrated by a directory that contains a .avi file. NOTE: some of these details are obtained from third party information.
Max CVSS
6.9
EPSS Score
0.08%
Published
2012-09-07
Updated
2012-09-07
Cross-zone scripting vulnerability in the HandleAction method in a certain ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 allows remote attackers to inject arbitrary web script or HTML in the Local Zone by specifying a local file in a NavigateToURL action, as demonstrated by a local skin file.
Max CVSS
4.3
EPSS Score
1.58%
Published
2010-12-14
Updated
2011-01-19
The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors.
Max CVSS
4.3
EPSS Score
4.85%
Published
2010-12-14
Updated
2011-01-19
The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 does not properly initialize the number of channels, which allows attackers to obtain unspecified "memory access" via unknown vectors.
Max CVSS
5.0
EPSS Score
0.20%
Published
2010-12-14
Updated
2011-01-19
78 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!