Vulnerabilities > Realnetworks
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-08-18 | CVE-2011-2947 | Cross-Site Scripting vulnerability in Realnetworks Realplayer and Realplayer SP Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document. | 4.3 |
| 2011-08-18 | CVE-2011-2946 | ActiveX Control Remote Code Execution vulnerability in Real Networks RealPlayer Unspecified vulnerability in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
| 2011-08-18 | CVE-2011-2945 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer and Realplayer SP Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted SIPR stream. | 9.3 |
| 2011-04-18 | CVE-2011-1426 | Remote Code Execution vulnerability in Real Networks RealPlayer 'OpenURLInDefaultBrowser()' Function The OpenURLInDefaultBrowser method in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, launches a default handler for the filename specified in the first argument, which allows remote attackers to execute arbitrary code via a .rnx filename corresponding to a crafted RNX file. | 9.3 |
| 2011-04-06 | CVE-2011-1525 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted frame in an Internet Video Recording (IVR) file. | 9.3 |
| 2011-04-04 | CVE-2010-4596 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Helix Mobile Server and Helix Server Stack-based buffer overflow in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via a long string in an RTSP request. | 9.3 |
| 2011-04-04 | CVE-2010-4235 | USE of Externally-Controlled Format String vulnerability in Realnetworks Helix Mobile Server and Helix Server Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header. | 10.0 |
| 2011-02-21 | CVE-2011-0694 | Unspecified vulnerability in Realnetworks Realplayer and Realplayer SP RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and 14.0.0 through 14.0.1, and Enterprise 2.0 through 2.1.4, uses predictable names for temporary files, which allows remote attackers to conduct cross-domain scripting attacks and execute arbitrary code via the OpenURLinPlayerBrowser function. | 9.3 |
| 2011-01-31 | CVE-2010-4393 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer and Realplayer SP Heap-based buffer overflow in vidplin.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.x before 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted header in an AVI file. | 9.3 |
| 2010-12-14 | CVE-2010-4397 | Numeric Errors vulnerability in Realnetworks Realplayer and Realplayer SP Integer overflow in the pnen3260.dll module in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a crafted TIT2 atom in an AAC file. | 9.3 |