Realplayer

realplayer

Vendor: Realnetworks • 170 CVEs

CVEs (170)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2005-0192 1Realnetworks 2Realone Player Realplayer Apr 16, 2026 Oct 6, 2004 N/A· v4 N/A· v3 2.6 LOW· v2 Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename.
CVE-2005-0189 1Realnetworks 2Realone Player Realplayer Apr 16, 2026 Oct 6, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to execute arbitrary code via a long ShowPreferences argument.
CVE-2005-0190 1Realnetworks 2Realone Player Realplayer Apr 16, 2026 Sep 29, 2004 N/A· v4 N/A· v3 2.6 LOW· v2 Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequenc...Show more Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension.Show less
CVE-2004-0550 1Realnetworks 1Realplayer Apr 16, 2026 Aug 6, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in Real Networks RealPlayer 10 allows remote attackers to execute arbitrary code via a URL with a large number of "." (period) characters.
CVE-2004-0387 1Realnetworks 2Realone Player Realplayer Apr 16, 2026 Jun 1, 2004 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer 8, RealOne Player, RealOne Player 10 beta, and RealOne Player Enterprise, allows remote attackers to execute arbitrary code via a malformed .R3T file.
CVE-2003-0141 1Realnetworks 3Realone Enterprise Desktop Realone PlayerRealplayer Apr 16, 2026 Apr 2, 2003 N/A· v4 N/A· v3 5.1 MEDIUM· v2 The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic...Show more The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length.Show less
CVE-2002-1321 1Realnetworks 2Realone Player Realplayer Apr 16, 2026 Dec 11, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a...Show more Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain "Now Playing" options on a downloaded file with a long filename.Show less
CVE-2002-0415 1Realnetworks 1Realplayer Apr 16, 2026 Aug 12, 2002 N/A· v4 N/A· v3 1.7 LOW· v2 Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. (dot dot) in an HTTP GET request t...Show more Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. (dot dot) in an HTTP GET request to port 1275.Show less
CVE-2002-0337 1Realnetworks 1Realplayer Apr 16, 2026 Jun 25, 2002 N/A· v4 N/A· v3 5.4 MEDIUM· v2 RealPlayer 8 allows remote attackers to cause a denial of service (CPU utilization) via malformed .mp3 files.
CVE-2000-0280 1Realnetworks 1Realplayer Apr 16, 2026 Apr 3, 2000 N/A· v4 N/A· v3 2.6 LOW· v2 Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to cause a denial of service via a long Location URL.

Previous 1...5 6 7 89