Vulnerabilities > Realnetworks
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-01-25 | CVE-2009-4244 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks products Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation. | 9.3 |
2010-01-25 | CVE-2009-4243 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks products RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to have an unspecified impact via a crafted media file that uses HTTP chunked transfer coding, related to an "overflow." Specific affected release information can be found from RealNetworks at: http://service.real.com/realplayer/security/01192010_player/en/ | 9.3 |
2010-01-25 | CVE-2009-4242 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks products Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation. | 9.3 |
2010-01-25 | CVE-2009-4241 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks products Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a file with invalid ASMRuleBook structures that trigger heap memory corruption. | 9.3 |
2009-07-20 | CVE-2009-2534 | Improper Input Validation vulnerability in Realnetworks Helix Server and Helix Server Mobile RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allow remote attackers to cause a denial of service (daemon crash) via an RTSP SETUP request that (1) specifies the / URI or (2) lacks a / character in the URI. | 5.0 |
2009-07-20 | CVE-2009-2533 | Improper Input Validation vulnerability in Realnetworks Helix Server and Helix Server Mobile rmserver in RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allows remote attackers to cause a denial of service (daemon exit) via multiple RTSP SET_PARAMETER requests with empty DataConvertBuffer headers. | 5.0 |
2009-02-08 | CVE-2009-0376 | Buffer Errors vulnerability in Realnetworks Realplayer 11 Heap-based buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a crafted Internet Video Recording (IVR) file with a modified field that controls an unspecified structure length and triggers heap corruption, related to use of RealPlayer through a Windows Explorer plugin. | 9.3 |
2009-02-08 | CVE-2009-0375 | Code Injection vulnerability in Realnetworks Realplayer 11 Buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a crafted Internet Video Recording (IVR) file with a filename length field containing a large integer, which triggers overwrite of an arbitrary memory location with a 0x00 byte value, related to use of RealPlayer through a Windows Explorer plugin. | 9.3 |
2009-01-20 | CVE-2008-5911 | Buffer Errors vulnerability in Realnetworks Helix Server and Helix Server Mobile Multiple buffer overflows in RealNetworks Helix Server and Helix Mobile Server 11.x before 11.1.8 and 12.x before 12.0.1 allow remote attackers to (1) cause a denial of service via three crafted RTSP SETUP commands, or execute arbitrary code via (2) an NTLM authentication request with malformed base64-encoded data, (3) an RTSP DESCRIBE command, or (4) a DataConvertBuffer request. | 10.0 |
2008-07-28 | CVE-2008-3066 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer 10.0/10.5 Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 allows remote attackers to execute arbitrary code by importing a file into a media library and then deleting this file. | 9.3 |