Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2010-3751 |
Multiple heap-based buffer overflows in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 allow remote attackers to execute arbitrary code via a long .smil argument to the (1) tfile, (2) pnmm, or (3) cdda protocol handler. Published: October 18, 2010; 8:00:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3750 |
rjrmrpln.dll in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly validate file contents that are used during interaction with a heap buffer, which allows remote attackers to execute arbitrary code via crafted Name Value Property (NVP) elements in logical streams in a media file. Published: October 18, 2010; 8:00:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3749 |
The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a " (double quote) in an argument to the RecordClip method, aka "parameter injection." Published: October 18, 2010; 8:00:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3748 |
Stack-based buffer overflow in the RichFX component in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via unknown vectors. Published: October 18, 2010; 8:00:01 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2010-3747 |
An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during parsing of a CDDA URI, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and application crash) via a long URI. Published: October 18, 2010; 8:00:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-2998 |
Array index error in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.0.1 allows remote attackers to execute arbitrary code via malformed sample data in a RealMedia .IVR file, related to a "malformed IVR pointer index" issue. Published: October 18, 2010; 8:00:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-2578 |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via a crafted QCP file. Published: October 18, 2010; 8:00:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3001 |
Unspecified vulnerability in an ActiveX control in the Internet Explorer (IE) plugin in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows has unknown impact and attack vectors related to "multiple browser windows." Published: August 30, 2010; 4:00:02 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3000 |
Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file. Published: August 30, 2010; 4:00:02 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-0120 |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allows remote attackers to execute arbitrary code via large size values in QCP audio content. Published: August 30, 2010; 4:00:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-0117 |
RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content. Published: August 30, 2010; 4:00:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-0116 |
Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows might allow remote attackers to execute arbitrary code via a crafted QCP file that triggers a heap-based buffer overflow. Published: August 30, 2010; 4:00:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2009-4257 |
Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths. Published: January 25, 2010; 2:30:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2009-4248 |
Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request. Published: January 25, 2010; 2:30:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2009-4247 |
Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x, 11.0.0, and 11.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an ASM RuleBook with a large number of rules, related to an "array overflow." Published: January 25, 2010; 2:30:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2009-4246 |
Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file that contains a web.xmb file with crafted length values. Published: January 25, 2010; 2:30:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2009-4245 |
Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp. Published: January 25, 2010; 2:30:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2009-4244 |
Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation. Published: January 25, 2010; 2:30:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2009-4243 |
RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to have an unspecified impact via a crafted media file that uses HTTP chunked transfer coding, related to an "overflow." Published: January 25, 2010; 2:30:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2009-4242 |
Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation. Published: January 25, 2010; 2:30:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |