Vulnerabilities > Realnetworks

DATE CVE VULNERABILITY TITLE RISK
2014-05-20 CVE-2014-3444 Code Injection vulnerability in Realnetworks Realplayer
The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and application crash) via a malformed .3gp file.
network
realnetworks CWE-94
critical
9.3
2014-01-03 CVE-2013-7260 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer
Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877.
network
low complexity
realnetworks CWE-119
7.5
2013-12-19 CVE-2013-6877 Buffer Errors vulnerability in Realnetworks Realplayer 16.0.2.32/16.0.3.51
Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allows remote attackers to execute arbitrary code via a long string in the TRACKID element of an RMP file, a different vulnerability than CVE-2013-7260.
network
realnetworks CWE-119
critical
9.3
2013-08-27 CVE-2013-4974 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer and Realplayer SP
RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed RealMedia file.
network
realnetworks CWE-119
critical
9.3
2013-08-27 CVE-2013-4973 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer and Realplayer SP
Stack-based buffer overflow in RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted .rmp file.
network
realnetworks CWE-119
critical
9.3
2013-07-06 CVE-2013-3299 Improper Input Validation vulnerability in Realnetworks Realplayer
RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers to cause a denial of service (resource consumption or application crash) via an HTML document containing JavaScript code that constructs a long string.
4.3
2013-03-20 CVE-2013-1750 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer and Realplayer SP
Heap-based buffer overflow in RealNetworks RealPlayer before 16.0.1.18 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a malformed MP4 file.
network
realnetworks CWE-119
critical
9.3
2012-12-19 CVE-2012-5691 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer and Realplayer SP
Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted RealMedia file.
network
realnetworks CWE-119
critical
9.3
2012-12-19 CVE-2012-5690 Code Injection vulnerability in Realnetworks Realplayer and Realplayer SP
RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allow remote attackers to execute arbitrary code via a RealAudio file that triggers access to an invalid pointer.
network
realnetworks CWE-94
critical
9.3
2012-11-04 CVE-2012-4987 Buffer Errors vulnerability in Realnetworks Realplayer 15.0.5.109
Stack-based buffer overflow in RealNetworks RealPlayer 15.0.5.109 allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP file that triggers incorrect processing of long pathnames by the Watch Folders feature.
6.8