CVE-2010-2999

RealNetworks RealPlayer vulnerable to integer overflow via a malformed MLLT atom in AAC files (CVE-2010-2999). Affected: RealPlayer 11.0–11.1 (Windows/macOS/Linux), RealPlayer SP 1.0.x; exploitation via AAC MLLT parsing can lead to remote code execution or heap memory corruption. The ZDI advisory...

CVE-2010-4382

CVE-2010-4382 is part of a set of RealPlayer/HelixPlayer flaws (RealPlayer 11.x, HelixPlayer) that could allow remote code execution via crafted RealMedia content. Surrounding docs confirm HelixPlayer removal and advisories (RHSA-2010:0981, CESAs) due to multiple security flaws; some entries expl...

CVE-2010-4381

CVE-2010-4381 describes a heap-based buffer overflow in RealNetworks RealPlayer products (RealPlayer 11.x, RealPlayer SP, RealPlayer Enterprise, and Mac RealPlayer up to 12.0.0.1444) that is triggered by a crafted AAC file. The vulnerability permits remote attackers to achieve unspecified impact....

CVE-2010-4379

CVE-2010-4379 describes a heap-based buffer overflow in RealPlayer (versions 11.0–11.1, SP 1.0–1.1.4, Enterprise 2.1.2, Mac/Linux RealPlayer 11.0–11.1, HelixPlayer 1.0.6) via crafted SIPR files. Connected advisories confirm RealPlayer/HelixPlayer flaws could, when opening or playing a malicious f...

CVE-2010-4378

CVE-2010-4378 affects RealPlayer/HelixPlayer family. The drv2.dll RV20 decompression component can be triggered by a crafted RV20 video stream length field, leading to remote arbitrary code execution or heap memory corruption. Affected products include RealPlayer 11.0–11.1, RealPlayer SP 1.0–1.1....

CVE-2010-4375

CVE-2010-4375 is a heap-based buffer overflow in RealNetworks RealPlayer 11.0–11.1 and Mac/Linux RealPlayer 11.0–11.1, exploitable via malformed multi-rate audio data to achieve remote code execution. The connected advisories tie this to HelixPlayer, indicating overlapping code bases with RealPla...

CVE-2010-2997

CVE-2010-2997 is tied to multiple advisories (RHSA-2010:0981, CESA-2010:0981) and OpenVAS/Nessus entries describing multiple security flaws in RealPlayer/HelixPlayer, potentially enabling arbitrary code execution via crafted media/stream content. Remediation across affected platforms centers on r...

CVE-2010-4392

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.1.2 and 2.1.3, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via crafted ImageMap...

CVE-2010-2999

Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.0.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code or cause a denial of service heap memory corruption via a malformed MLLT atom in an...

CVE-2010-4389

Heap-based buffer overflow in the cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via unspecified data in the initialization buffer...

CVE-2010-4378

The drv2.dll aka RV20 decompression module in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.1.2 and 2.1.3, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code or...

CVE-2010-4391

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allows remote attackers to execute arbitrary code via a crafted value in an unspecified header field in an RMX file...

CVE-2010-4383

CVE-2010-4383 is among a set of flaws in RealPlayer/Helix Player (RealPlayer 11.x, SP, Enterprise, Mac/Linux RealPlayer; HelixPlayer) that share a common codebase. The connected documents confirm multiple security flaws could be triggered by opening or playing malicious media files/streams, poten...

CVE-2010-2579

The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 does not properly initialize the number of channels, which allows attackers to obtain unspecified "memory...

CVE-2010-4397

Integer overflow in the pnen3260.dll module in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a crafted TIT2 atom in an AAC file...

CVE-2010-0121

CVE-2010-0121 affects RealNetworks RealPlayer family (RealPlayer 11.x, RealPlayer SP 1.x, Mac RealPlayer 11.x–12.0.0.1444, Linux RealPlayer 11.0.2.1744). The vulnerability is in the RealAudio cook codec uninitialised memory during parsing, per NVD and Secunia Secunia Research advisory; impact is ...

CVE-2010-4381

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 allows remote attackers to have an unspecified impact via a crafted AAC file...

iDefense Security Advisory 12.10.10: RealNetworks RealPlayer Memory Corruption Vulnerability

iDefense Security Advisory 12.10.10 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 10, 2010 I. BACKGROUND RealPlayer is RealNetworks's media player product used to render video and other media. For more information, visit http://www.real.com/ II. DESCRIPTION Remote exploitation of a...

iDefense Security Advisory 12.10.10: RealNetworks RealPlayer RealAudio Codec Memory Corruption Vulnerability

iDefense Security Advisory 12.10.10 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 10, 2010 I. BACKGROUND RealPlayer is RealNetworks's media player product used to render video and other media. For more information, visit http://www.real.com/. II. DESCRIPTION Remote exploitation of a...

RealNetworks Releases Security Update for RealPlayer

RealNetworks, Inc. has released an update for RealPlayer to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the RealNetworks notice released on December 10, 2010 and appl...