This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor : Realnetworks
Product : Realplayer Sp
Version : 1.1.5
Update : *
Edition : *
Language : *
Software Edition : *
Target Software : *
Target Hardware : *
Other : *
Type : Application
First view : 2010-12-14
Last view : 2013-08-26

CPE Product : cpe:2.3:a:realnetworks:realplayer_sp

Related : CVE

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
CVSS Date Alert Description
9.3 2013-08-26 CVE-2013-4974

RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed RealMedia file.

9.3 2013-08-26 CVE-2013-4973

Stack-based buffer overflow in RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted .rmp file.

9.3 2013-03-20 CVE-2013-1750

Heap-based buffer overflow in RealNetworks RealPlayer before 16.0.1.18 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a malformed MP4 file.

9.3 2012-12-19 CVE-2012-5691

Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted RealMedia file.

9.3 2012-12-19 CVE-2012-5690

RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allow remote attackers to execute arbitrary code via a RealAudio file that triggers access to an invalid pointer.

7.5 2012-09-12 CVE-2012-3234

RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 do not properly handle codec frame sizes in RealAudio files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) or possibly have unspecified other impact via a crafted file.

6.8 2012-09-12 CVE-2012-2410

Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted RealMedia file, a different vulnerability than CVE-2012-2409.

7.5 2012-09-12 CVE-2012-2409

Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted RealMedia file, a different vulnerability than CVE-2012-2410.

6.8 2012-09-12 CVE-2012-2408

The AAC SDK in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted AAC file that is not properly handled during decoding.

7.5 2012-09-12 CVE-2012-2407

Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted AAC file that is not properly handled during stream-data unpacking.

6.9 2012-09-07 CVE-2010-5228

Untrusted search path vulnerability in RealPlayer SP 1.1.5 12.0.0.879 allows local users to gain privileges via a Trojan horse rio500.dll file in the current working directory, as demonstrated by a directory that contains a .avi file. NOTE: some of these details are obtained from third party information.

9.3 2012-05-18 CVE-2012-2411

Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RealJukebox Media file.

9.3 2012-05-18 CVE-2012-2406

RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, does not properly parse ASMRuleBook data in RealMedia files, which allows remote attackers to execute arbitrary code via a crafted file.

9.3 2012-02-08 CVE-2012-0928

The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows remote attackers to execute arbitrary code via a crafted ATRAC audio file.

9.3 2012-02-08 CVE-2012-0927

Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving the coded_frame_size value in a RealAudio audio stream.

9.3 2012-02-08 CVE-2012-0926

The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream.

9.3 2012-02-08 CVE-2012-0925

Unspecified vulnerability in the RV40 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RV40 RealVideo video stream.

9.3 2012-02-08 CVE-2012-0924

RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving a VIDOBJ_START_CODE code in a header within a video stream.

9.3 2012-02-08 CVE-2012-0923

The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle the frame size array, which allows remote attackers to execute arbitrary code via a crafted RV20 RealVideo video stream.

9.3 2012-02-08 CVE-2012-0922

rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via crafted flags in an RMFF file.

4.3 2011-10-04 CVE-2011-1221

Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document, a different vulnerability than CVE-2011-2947.

9.3 2011-08-18 CVE-2011-2955

Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via vectors related to a modal dialog.

9.3 2011-08-18 CVE-2011-2954

Use-after-free vulnerability in the AutoUpdate feature in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via unspecified vectors.

10 2011-08-18 CVE-2011-2953

An unspecified ActiveX control in the browser plugin in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors, related to an out-of-bounds condition.

9.3 2011-08-18 CVE-2011-2952

Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via vectors related to a dialog box.

CWE : Common Weakness Enumeration

% id Name
60% (24) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
20% (8) CWE-94 Failure to Control Generation of Code ('Code Injection')
7% (3) CWE-399 Resource Management Errors
5% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
5% (2) CWE-20 Improper Input Validation
2% (1) CWE-189 Numeric Errors

SAINT Exploits

Description
RealNetworks RealPlayer QCP Parsing
RealPlayer InternetShortcut URL property buffer overflow

Open Source Vulnerability Database (OSVDB)

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
76074 RealPlayer Local HTML File Cross-Zone Scripting Remote Code Execution (2011-1...
74555 RealPlayer ActiveX Control Embedded Modal Dialog Unspecified Use-after-free I...
74554 RealPlayer ActiveX Control Embedded AutoUpdate Unspecified Use-after-free Issue
74553 RealPlayer ActiveX Control Unspecified Out-of-bounds Issue
74552 RealPlayer AAC raw_data_frame Element Parsing Overflow
74551 RealPlayer pngu3267.dll Use-after-free Dialog Box Handling Memory Corruption
74549 RealPlayer qcpfformat.dll QCP File Handling Overflow
74548 RealPlayer ID3v2 Tag MP3 File Handling Overflow
74547 RealPlayer DEFINEFONT Field SWF File Handling Memory Corruption
74546 RealPlayer Local HTML File Cross-Zone Scripting Remote Code Execution (2011-2...
74545 RealPlayer ActiveX Control Unspecified Remote Code Execution
74544 RealPlayer SIPR Unspecified Overflow
73158 RealPlayer OpenURLInDefaultBrowser Method Crafted RNX File Handling Remote Co...
70849 RealPlayer Predictable Temporary Filename Code Execution
70682 RealPlayer vidplin.dll AVI File Header Handling Overflow
69859 RealPlayer Multiple Products Custsupport.html Component RealOneActiveXObject ...
69858 RealPlayer Multiple Products Main.html Component RealOneActiveXObject Process...
69857 RealPlayer Multiple Products Upsell.htm Component RealOneActiveXObject Proces...
69855 RealPlayer Multiple Products ActiveX HandleAction Method Local Zone Cross-zon...
69854 RealPlayer Multiple Products AAC Frame Data Conditional Component Overflow
69853 RealPlayer Multiple Products RealPix File HTTP Request Server Header Overflow
69852 RealPlayer Multiple Products RealMedia File Crafted ImageMap Data Overflow
69851 RealPlayer Multiple Products RMX File Unspecified Header Field Overflow
69850 RealPlayer Multiple Products IVR File Crafted Header Multiple Overflows
69849 RealPlayer Multiple Products Cook Codec Initialization Overflow

OpenVAS Exploits

Date Description
2012-12-25 Name : RealNetworks RealPlayer Code Execution Vulnerabilities - Dec12 (Win)
File : nvt/gb_realplayer_code_exec_vuln_dec12_win.nasl
2012-09-21 Name : RealNetworks RealPlayer Multiple Vulnerabilities - Sep12 (Mac OS X)
File : nvt/gb_realplayer_mult_vuln_sep12_macosx.nasl
2012-09-21 Name : RealNetworks RealPlayer Multiple Vulnerabilities - Sep12 (Win)
File : nvt/gb_realplayer_mult_vuln_sep12_win.nasl
2012-07-30 Name : CentOS Update for HelixPlayer-uninstall CESA-2010:0981 centos4 x86_64
File : nvt/gb_CESA-2010_0981_HelixPlayer-uninstall_centos4_x86_64.nasl
2012-04-02 Name : RealNetworks RealPlayer MP4 File Handling Denial of Service Vulnerability (Win)
File : nvt/gb_realplayer_mp4_file_dos_vuln_win.nasl
2012-02-21 Name : RealNetworks RealPlayer Atrac Sample Decoding Remote Code Execution Vulnerab...
File : nvt/gb_realplayer_atrac_sample_code_exec_vuln_macosx.nasl
2012-02-21 Name : RealNetworks RealPlayer Atrac Sample Decoding Remote Code Execution Vulnerab...
File : nvt/gb_realplayer_atrac_sample_code_exec_vuln_win.nasl
2012-02-21 Name : RealNetworks RealPlayer Multiple Vulnerabilities (Win) - Feb12
File : nvt/gb_realplayer_mult_vuln_win_feb12.nasl
2011-08-31 Name : RealNetworks RealPlayer Multiple Vulnerabilities (Mac OS X)
File : nvt/secpod_realplayer_mult_vuln_macosx.nasl
2011-08-31 Name : RealNetworks RealPlayer Multiple Vulnerabilities (Win) - Aug11
File : nvt/secpod_realplayer_mult_vuln_win_01_aug11.nasl
2011-08-31 Name : RealNetworks RealPlayer Multiple Vulnerabilities (Win) - Aug11
File : nvt/secpod_realplayer_mult_vuln_win_02_aug11.nasl
2011-08-09 Name : CentOS Update for HelixPlayer-uninstall CESA-2010:0981 centos4 i386
File : nvt/gb_CESA-2010_0981_HelixPlayer-uninstall_centos4_i386.nasl
2011-04-22 Name : RealNetworks RealPlayer 'OpenURLInDefaultBrowser()' Code Execution Vulnerabil...
File : nvt/gb_realplayer_code_exec_vuln_win.nasl
2011-02-18 Name : RealNetworks RealPlayer Buffer Overflow Vulnerability (Windows)
File : nvt/gb_realplayer_bof_vuln_win.nasl
2010-12-29 Name : RealNetworks RealPlayer Multiple Vulnerabilities (Linux) - Dec 10
File : nvt/gb_realplayer_mult_vuln_lin_dec10.nasl
2010-12-29 Name : RealNetworks RealPlayer Multiple Vulnerabilities (Win) - Dec10
File : nvt/gb_realplayer_mult_vuln_win_dec10.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2013-A-0166 Multiple Security Vulnerabilities in RealNetworks RealPlayer
Severity: Category II - VMSKEY: V0040163

Snort® IPS/IDS

Date Description
2019-04-13 RealNetworks RealPlayer vidplin.dll avi header parsing execution attempt
RuleID : 49404 - Type : FILE-MULTIMEDIA - Revision : 1
2014-01-16 RealNetworks RealPlayer RealMedia URL length buffer overflow attempt
RuleID : 28962 - Type : FILE-MULTIMEDIA - Revision : 10
2014-01-16 RealNetworks RealPlayer RealMedia URL length buffer overflow attempt
RuleID : 28961 - Type : FILE-MULTIMEDIA - Revision : 9
2014-01-10 RealNetworks RealPlayer QCP parsing buffer overflow attempt
RuleID : 20288 - Type : FILE-MULTIMEDIA - Revision : 13
2014-01-10 RealNetworks RealPlayer vidplin.dll avi header parsing execution attempt
RuleID : 19169 - Type : FILE-MULTIMEDIA - Revision : 12

Nessus® Vulnerability Scanner

Date Description
2013-08-28 Name: A multimedia application on the remote Windows host is affected by multiple v...
File: realplayer_16_0_3_51.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host has a deprecated application.
File: oraclelinux_ELSA-2010-0981.nasl - Type: ACT_GATHER_INFO
2013-03-20 Name: A multimedia application on the remote Windows host is affected by a buffer o...
File: realplayer_16_0_1_18.nasl - Type: ACT_GATHER_INFO
2012-12-18 Name: A multimedia application on the remote Windows host is affected by multiple v...
File: realplayer_16_0_0_282.nasl - Type: ACT_GATHER_INFO
2012-09-12 Name: A multimedia application on the remote Windows host is affected by multiple v...
File: realplayer_15_0_6_14.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20101214_HelixPlayer_on_SL4_x.nasl - Type: ACT_GATHER_INFO
2012-05-17 Name: A multimedia application on the remote Windows host is affected by multiple v...
File: realplayer_15_0_4_53.nasl - Type: ACT_GATHER_INFO
2012-02-08 Name: A multimedia application on the remote Windows host is affected by multiple v...
File: realplayer_15_0_2_71.nasl - Type: ACT_GATHER_INFO
2011-08-19 Name: A multimedia application on the remote Windows host is affected by multiple v...
File: realplayer_12_0_1_666.nasl - Type: ACT_GATHER_INFO
2011-04-14 Name: A multimedia application on the remote Windows host is affected by multiple v...
File: realplayer_12_0_1_647.nasl - Type: ACT_GATHER_INFO
2011-01-28 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2010-0981.nasl - Type: ACT_GATHER_INFO
2011-01-28 Name: A multimedia application on the remote Windows host can be abused to execute ...
File: realplayer_12_0_1_633.nasl - Type: ACT_GATHER_INFO
2010-12-15 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2010-0981.nasl - Type: ACT_GATHER_INFO
2010-11-16 Name: An application on the remote Windows host is affected by multiple vulnerabili...
File: realplayer_12_0_1_609.nasl - Type: ACT_GATHER_INFO