VYPR
Vendor

RealNetworks

RealNetworks LLC is an American technology company and provider of Internet streaming media delivery software and services based in Seattle, Washington. The company also provides subscription-based online entertainment services and mobile entertainment and messaging services.

Founded 1993
Products
22
CVEs
217
Across products
322
Status
Private

Products

22

Recent CVEs

217
View all 217 CVEs →
  • CVE-2011-10028HigAug 20, 2025
    risk 0.65cvss epss 0.01

    The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine…

  • CVE-2011-10016CriAug 13, 2025
    risk 0.65cvss epss 0.00

    Real Networks Netzip Classic version 7.5.1.86 is vulnerable to a stack-based buffer overflow when parsing a specially crafted ZIP archive. The vulnerability is triggered when the application attempts to process a file name within the archive that exceeds the expected buffer…

  • CVE-2004-0389HigJun 1, 2004
    risk 0.56cvss 7.5epss 0.52

    RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference, as demonstrated using (1) GET_PARAMETER or (2) DESCRIBE requests.

  • CVE-2023-50685HigMay 2, 2024
    risk 0.49cvss 7.5epss 0.01

    An issue in Hipcam Cameras RealServer v.1.0 allows a remote attacker to cause a denial of service via a crafted script to the client_port parameter.

  • CVE-2016-9018MedOct 28, 2016
    risk 0.39cvss 5.5epss 0.08

    Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file.

  • CVE-2017-9302MedMay 29, 2017
    risk 0.36cvss 5.5epss 0.02

    RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file.

  • CVE-2002-1643Dec 19, 2002
    risk 0.09cvss epss 0.74

    Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RTSP request, (2) a DESCRIBE RTSP request with a long URL argument, or (3) two simultaneous HTTP GET…

  • CVE-2013-7260Jan 3, 2014
    risk 0.08cvss epss 0.67

    Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file,…

  • CVE-2010-1318Apr 20, 2010
    risk 0.08cvss epss 0.58

    Stack-based buffer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2012-5691Dec 19, 2012
    risk 0.07cvss epss 0.53

    Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted RealMedia file.

  • CVE-2008-1309Mar 12, 2008
    risk 0.07cvss epss 0.46

    The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls…

  • CVE-2005-0455May 2, 2005
    risk 0.07cvss epss 0.54

    Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large…

  • CVE-2003-0725Oct 20, 2003
    risk 0.07cvss epss 0.51

    Buffer overflow in the RTSP protocol parser for the View Source plug-in (vsrcplin.so or vsrcplin3260.dll) for RealNetworks Helix Universal Server 9 and RealSystem Server 8, 7 and RealServer G2 allows remote attackers to execute arbitrary code.

  • CVE-2010-3747Oct 19, 2010
    risk 0.06cvss epss 0.35

    An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during parsing of a CDDA URI, which allows remote attackers to execute arbitrary code or…

  • CVE-2007-5601Oct 20, 2007
    risk 0.06cvss epss 0.42

    Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as…

  • CVE-2007-3410Jun 26, 2007
    risk 0.06cvss epss 0.36

    Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to…

  • CVE-2011-2950Aug 18, 2011
    risk 0.05cvss epss 0.30

    Heap-based buffer overflow in qcpfformat.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted QCP file.

  • CVE-2010-3749Oct 19, 2010
    risk 0.05cvss epss 0.26

    The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this…

  • CVE-2013-6877Dec 19, 2013
    risk 0.04cvss epss 0.11

    Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allows remote attackers to execute arbitrary code via a long string in the TRACKID element of an RMP file, a different vulnerability than CVE-2013-7260.

  • CVE-2011-1525Apr 6, 2011
    risk 0.04cvss epss 0.12

    Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted frame in an Internet Video Recording (IVR) file.