CVE-2010-3001

Unspecified vulnerability in an ActiveX control in the Internet Explorer IE plugin in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows has unknown impact and attack vectors related to "multiple browser windows."...

CVE-2010-3002

Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectors...

CVE-2010-0120

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allows remote attackers to execute arbitrary code via large size values in QCP audio content...

CVE-2010-0116

Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows might allow remote attackers to execute arbitrary code via a crafted QCP file that triggers a heap-based buffer overflow...

Integer overflow

Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted 1 HXFLVMETAAMFTYPEMIXEDARRAY or 2 HXFLVMETAAMFTYPEARRAY data in an FLV file...

Design/Logic Flaw

Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectors...

Code injection

RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content...

Heap overflow

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allows remote attackers to execute arbitrary code via large size values in QCP audio content...

CVE-2010-3000

Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted 1 HXFLVMETAAMFTYPEMIXEDARRAY or 2 HXFLVMETAAMFTYPEARRAY data in an FLV file...

CVE-2010-3002

Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectors...

CVE-2010-3001

Unspecified vulnerability in an ActiveX control in the Internet Explorer IE plugin in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows has unknown impact and attack vectors related to "multiple browser windows."...

CVE-2010-0117

RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content...

CVE-2010-0117

RealNetworks RealPlayer on Windows (11.0–11.1 and RealPlayer SP 1.0–1.1.4) is affected by CVE-2010-0117 due to improper handling of dimensions during YUV420 transformations in MP4 content. The underlying issue can allow remote attackers to execute arbitrary code by delivering crafted MP4 files, a...

CVE-2010-3002

RealPlayer for Windows (RealNetworks RealPlayer, 11.0–11.1) is affected by CVE-2010-3002, an unauthorized file access vulnerability in the RealPlayer ActiveX control. The issue permits bypassing intended file access restrictions via RealPlayer components; the exact exploitation vector is not publ...

CVE-2010-3001

CVE-2010-3001 affects RealNetworks RealPlayer ActiveX control in the IE plugin for RealPlayer 11.0–11.1 and RealPlayer SP 1.0–1.1.4 on Windows. The root cause involves how RealPlayer handles multiple instantiations of the ActiveX plug‑in across multiple Internet Explorer windows, enabling remote ...

CVE-2010-3000

CVE-2010-3000 affects RealNetworks RealPlayer (RealPlayer 11.0–11.1 and RealPlayer SP 1.0–1.1.4 on Windows). The vulnerability arises from two integer overflow errors in the FLV parsing of AMF data (HX_FLV_META_AMF_TYPE_MIXEDARRAY and HX_FLV_META_AMF_TYPE_ARRAY) within the ParseKnownType function...

CVE-2010-0116

CVE-2010-0116 affects RealNetworks RealPlayer for Windows (RealPlayer 11.0–11.1 and RealPlayer SP 1.0–1.1.4). The flaw is an integer overflow in QCP parsing that may cause a heap-based buffer overflow, enabling remote code execution. OpenVAS/Nessus listings corroborate RealPlayer Windows vulnerab...

CVE-2010-0120

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allows remote attackers to execute arbitrary code via large size values in QCP audio content...

RealNetworks RealPlayer security vulnerabilities

Memory corruption on FLV and IVR formats parsing...

ZDI-10-166: RealNetworks RealPlayer Malformed IVR Object Index Code Execution Vulnerability

ZDI-10-166: RealNetworks RealPlayer Malformed IVR Object Index Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-166 August 26, 2010 -- CVE ID: CVE-2010-2996 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: RealNetworks -- Affected Products: RealNetworks...