| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving a VIDOBJ_START_CODE code in a header within a video stream. |
| The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream. |
| Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving the coded_frame_size value in a RealAudio audio stream. |
| Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows might allow remote attackers to execute arbitrary code via a crafted QCP file that triggers a heap-based buffer overflow. |
| Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allows remote attackers to execute arbitrary code via a long string in the TRACKID element of an RMP file, a different vulnerability than CVE-2013-7260. |
| Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted frame in an Internet Video Recording (IVR) file. |
| Heap-based buffer overflow in qcpfformat.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted QCP file. |
| Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code by specifying many subbands in cook audio codec information in a Real Audio file. |
| Unspecified vulnerability in the RV20 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors. |
| Stack-based buffer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via unspecified vectors. |
| Buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a crafted Internet Video Recording (IVR) file with a filename length field containing a large integer, which triggers overwrite of an arbitrary memory location with a 0x00 byte value, related to use of RealPlayer through a Windows Explorer plugin. |
| Heap-based buffer overflow in the RTSP service in Helix DNA Server before 11.1.4 allows remote attackers to execute arbitrary code via an RSTP command containing multiple Require headers. |
| RealNetworks RealPlayer 10 Gold allows remote attackers to cause a denial of service (memory consumption) via a certain .ra file. NOTE: this issue was referred to as a "memory leak," but it is not clear if this is correct. |
| The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory. |
| Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 has unknown impact and attack vectors, probably related to accessing local files, aka a "Local resource reference vulnerability." |
| RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other platforms, allow user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error. |
| Heap-based buffer overflow in the Shockwave Flash (SWF) frame handling in RealNetworks RealPlayer 10.5 Build 6.0.12.1483 might allow remote attackers to execute arbitrary code via a crafted SWF file. |
| Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll. |
| Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: As of 20080103, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. |
| An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the RealPlayer.OpenURLInPlayerBrowser method with a long second argument. |
