| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Heap-based buffer overflow in the RealVideo renderer in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors. |
| The RealVideo renderer in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. |
| The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. |
| Array index error in the RV30 codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors. |
| Unspecified vulnerability in the ATRC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors. |
| Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via an invalid codec name. |
| The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown vectors. |
| The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via crafted channel data. |
| Unspecified vulnerability in the RV40 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RV40 RealVideo video stream. |
| The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows remote attackers to execute arbitrary code via a crafted ATRAC audio file. |
| master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted Open-PDU request that triggers incorrect DisplayString processing, a different vulnerability than CVE-2012-1923. |
| The AAC SDK in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted AAC file that is not properly handled during decoding. |
| Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted RealMedia file, a different vulnerability than CVE-2012-2410. |
| Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted RealMedia file, a different vulnerability than CVE-2012-2409. |
| Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RealJukebox Media file. |
| RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 do not properly handle codec frame sizes in RealAudio files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) or possibly have unspecified other impact via a crafted file. |
| Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits. |
| The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors. |
| Cross-zone scripting vulnerability in the HandleAction method in a certain ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 allows remote attackers to inject arbitrary web script or HTML in the Local Zone by specifying a local file in a NavigateToURL action, as demonstrated by a local skin file. |
| Stack-based buffer overflow in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via a long string in an RTSP request. |