Vulnerabilities > Realnetworks

DATE CVE VULNERABILITY TITLE RISK
2008-07-28 CVE-2008-3064 Permissions, Privileges, and Access Controls vulnerability in Realnetworks Realplayer 10.0/10.5
Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 has unknown impact and attack vectors, probably related to accessing local files, aka a "Local resource reference vulnerability." RealPlayer has indicated that a version exists called "enterprise." Link: http://service.real.com/realplayer/security/07252008_player/en/
network
low complexity
realnetworks CWE-264
critical
10.0
2008-07-28 CVE-2007-5400 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the Shockwave Flash (SWF) frame handling in RealNetworks RealPlayer 10.5 Build 6.0.12.1483 might allow remote attackers to execute arbitrary code via a crafted SWF file.
network
real realnetworks CWE-119
critical
9.3
2008-03-12 CVE-2008-1309 Resource Management Errors vulnerability in Realnetworks Realplayer 10.0/10.5/11
The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory.
network
realnetworks CWE-399
critical
9.3
2008-01-08 CVE-2008-0098 Buffer Errors vulnerability in Realnetworks Realplayer 11Build6.0.14.748
Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
realnetworks CWE-119
critical
10.0
2007-10-31 CVE-2007-5081 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realone Player, Realplayer and Realplayer Enterprise
Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a crafted RM file.
network
realnetworks CWE-119
critical
9.3
2007-10-31 CVE-2007-5080 Numeric Errors vulnerability in Realnetworks Realone Player, Realplayer and Realplayer Enterprise
Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow.
network
realnetworks CWE-189
critical
9.3
2007-10-31 CVE-2007-4599 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realone Player and Realplayer
Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted playlist (PLS) file.
network
realnetworks CWE-119
critical
9.3
2007-10-31 CVE-2007-2264 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realone Player, Realplayer and Realplayer Enterprise
Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header.
network
realnetworks CWE-119
critical
9.3
2007-10-31 CVE-2007-2263 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realone Player, Realplayer and Realplayer Enterprise
Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers.
network
realnetworks CWE-119
critical
9.3
2007-10-20 CVE-2007-5601 Buffer Errors vulnerability in Realnetworks Realplayer 10.0/10.5/11Beta
Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll.
network
realnetworks CWE-119
critical
9.3