CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Realnetworks : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-7260 119 1 Exec Code Overflow 2014-01-03 2014-04-25
7.5
None Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877.
2 CVE-2012-3234 189 DoS 2012-09-12 2013-03-21
7.5
None Remote Low Not required Partial Partial Partial
RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 do not properly handle codec frame sizes in RealAudio files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) or possibly have unspecified other impact via a crafted file.
3 CVE-2012-2409 119 DoS Overflow 2012-09-12 2013-03-21
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted RealMedia file, a different vulnerability than CVE-2012-2410.
4 CVE-2012-2407 119 DoS Overflow 2012-09-12 2013-03-21
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted AAC file that is not properly handled during stream-data unpacking.
5 CVE-2012-0942 119 Exec Code Overflow 2012-04-17 2012-08-13
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in rn5auth.dll in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to execute arbitrary code via crafted authentication credentials.
6 CVE-2010-1317 119 Overflow 2010-04-20 2010-04-21
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data.
7 CVE-2010-0416 119 DoS Exec Code Overflow 2010-02-18 2010-08-21
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.
8 CVE-2007-2497 1 DoS 2007-05-03 2008-11-13
7.8
None Remote Low Not required None None Complete
RealNetworks RealPlayer 10 Gold allows remote attackers to cause a denial of service (memory consumption) via a certain .ra file. NOTE: this issue was referred to as a "memory leak," but it is not clear if this is correct.
9 CVE-2006-3276 Exec Code Overflow 2006-06-28 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the "parsing of HTTP URL schemes".
10 CVE-2005-4130 Exec Code 2005-12-09 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPlayer allows remote attackers to execute arbitrary code. NOTE: it is not known whether this issue should be MERGED with CVE-2005-4126. The information regarding this issue is extremely vague and does not provide any verifiable information. It has been posted by a reliable reporter with a prerelease disclosure policy. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example for discussion of the newly emerging UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is possible that this item might be RECAST or REJECTED.
11 CVE-2005-4126 Exec Code 2005-12-09 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPlayer allows attackers to execute arbitrary code. NOTE: the information regarding this issue is extremely vague and does not provide any verifiable information. It has been posted by a reliable reporter with a prerelease disclosure policy. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example for discussion of the newly emerging UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is possible that this item might be RECAST or REJECTED.
12 CVE-2005-3677 Exec Code Overflow 2005-11-18 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote attackers to execute arbitrary code via a crafted image in a RealPlayer Skin (RJS) file. NOTE: due to the lack of details, it is unclear how this is different than CVE-2005-2629 and CVE-2005-2630, but the vendor advisory implies that it is different.
13 CVE-2005-2936 264 +Priv 2005-11-18 2011-05-19
7.2
Admin Local Low Not required Complete Complete Complete
Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might allow local users to gain privileges via a malicious C:\program.exe file.
14 CVE-2005-0189 Exec Code Overflow 2004-10-06 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to execute arbitrary code via a long ShowPreferences argument.
15 CVE-2004-0774 DoS 2004-11-03 2008-09-05
7.8
None Remote Low Not required None None Complete
RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for Windows allows remote attackers to cause a denial of service (CPU and memory exhaustion) via a POST request with a Content-Length header set to -1.
16 CVE-2004-0550 Exec Code Overflow 2004-08-06 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Real Networks RealPlayer 10 allows remote attackers to execute arbitrary code via a URL with a large number of "." (period) characters.
17 CVE-2004-0389 DoS 2004-06-01 2008-09-10
7.8
None Remote Low Not required None None Complete
RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference, as demonstrated using (1) GET_PARAMETER or (2) DESCRIBE requests.
18 CVE-2004-0258 Exec Code Overflow 2004-11-23 2008-09-05
7.6
Admin Remote High Not required Complete Complete Complete
Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files.
19 CVE-2003-1117 DoS Exec Code Overflow 2003-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem Proxy 8.x, related to URL error handling, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
20 CVE-2003-0725 Exec Code Overflow 2003-10-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the RTSP protocol parser for the View Source plug-in (vsrcplin.so or vsrcplin3260.dll) for RealNetworks Helix Universal Server 9 and RealSystem Server 8, 7 and RealServer G2 allows remote attackers to execute arbitrary code.
21 CVE-2002-1643 Exec Code Overflow 2002-12-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RSTP request, (2) a DESCRIBE RSTP request with a long URL argument, or (3) two simultaneous HTTP GET requests with long arguments.
22 CVE-2002-1321 Exec Code Overflow 2002-12-11 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain "Now Playing" options on a downloaded file with a long filename.
23 CVE-2002-1015 2002-10-04 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
24 CVE-2002-1014 Exec Code Overflow 2002-10-04 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image.
25 CVE-2002-0207 Exec Code Overflow 2002-05-16 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header.
26 CVE-2000-0474 DoS 2000-06-01 2008-09-10
7.8
None Remote Low Not required None None Complete
Real Networks RealServer 7.x allows remote attackers to cause a denial of service via a malformed request for a page in the viewsource directory.
27 CVE-2000-0272 DoS 2000-04-20 2008-09-10
7.8
None Remote Low Not required None None Complete
RealNetworks RealServer allows remote attackers to cause a denial of service by sending malformed input to the server at port 7070.
28 CVE-1999-1045 DoS 1998-01-15 2008-09-05
7.8
None Remote Low Not required None None Complete
pnserver in RealServer 5.0 and earlier allows remote attackers to cause a denial of service by sending a short, malformed request.
Total number of vulnerabilities : 28   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.