86 matches found
CVE-2004-1798
RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language SMIL presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different...
CVE-2005-0755
CVE-2005-0755 describes a heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player prior to 10.0.4, and RealOne Player v1/v2. The flaw allows remote attackers to execute arbitrary code by sending a long hostname in a RAM file, enabling code execution and potential control of the affe...
security flaw
Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player before 10.0.4, and RealOne Player v1 and v2 allows remote attackers to execute arbitrary code via a long hostname in a RAM file...
security flaw
Heap-based buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1056 and earlier, 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files...
security flaw
Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 6.0.12.1056 and earlier, 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value...
CVE-2004-1481
The CVE-2004-1481 entry describes a heap-based buffer overflow in RealNetworks RealPlayer 8–10.5 (6.0.12.1040) and RealOne Player 1–2 on Windows or macOS, caused by an integer/length field overflow in pnen3260.dll when processing SMIL/.rm files with a very large length value for the data chunk. T...
CVE-2004-1416
pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as used in Internet Explorer, allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a crafted embed tag...
CVE-2004-1416
The CVE-2004-1416 entry concerns RealOne 2.0 browser plugin (pnxr3260.dll) used in Internet Explorer. A crafted embed tag could remotely crash the application and, possibly, execute arbitrary code. The issue is triggered via the IE plugin component and is described as a remote execution/DoS vulne...
CVE-2004-1416
pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as used in Internet Explorer, allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a crafted embed tag...
CVE-2004-1798
RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language SMIL presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different...
CVE-2004-0273
Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. dot dot sequences in a .rjs skin file...
CVE-2004-0258
Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed 1 .RP, 2 .RT, 3 .RAM, 4 .RPM or 5 .SMIL files...
[SA12672] RealOne Player / RealPlayer / Helix Player Multiple Vulnerabilities
TITLE: RealOne Player / RealPlayer / Helix Player Multiple Vulnerabilities SECUNIA ADVISORY ID: SA12672 VERIFY ADVISORY: http://secunia.com/advisories/12672/ CRITICAL: Highly critical IMPACT: Manipulation of data, System access WHERE: From remote SOFTWARE: RealPlayer 8...
CVE-2004-0273
Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. dot dot sequences in a .rjs skin file...
CVE-2004-0273
CVE-2004-0273 describes a directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop. An attacker can upload arbitrary files via an RMP file containing .. sequences in a .rjs skin file, enabling remote unauthorized file placement. Affected products are...
CVE-2004-0387
The CVE-2004-0387 issue is a stack-based buffer overflow in the RT3 plugin used by RealPlayer 8, RealOne Player, RealOne Player 10 beta, and RealOne Player Enterprise, allowing remote code execution via malformed .R3T files. Affected components: RT3 plugin within RealPlayer/RealOne Player family....
[VulnWatch] REAL One Player R3T File Format Stack Overflow
NGSSoftware Insight Security Research Advisory Name: REAL One Player R3T File Format Stack Overflow Systems Affected: RealPlayer 8, RealOne Player, RealOne Player v2 for Windows only all languages, RealPlayer 10 Beta English only and ReaPlayer Enterprise all versions, standalone and as configured...
CVE-2004-0258
CVE-2004-0258 affects RealNetworks RealPlayer family (RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, RealPlayer Enterprise). The issue is multiple buffer overflows caused by improper handling of certain metafiles and streaming-image files, allowing remote attackers to execute arb...
CVE-2004-0258
Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed 1 .RP, 2 .RT, 3 .RAM, 4 .RPM or 5 .SMIL files...
Multiple RealPlayer/RealOne buffer overflows
Buffer overflows on parsing different file types...