Realnetworks
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in any Realnetworks product.
RSS Feeds for Realnetworks security vulnerabilities
Create a CVE RSS feed including security vulnerabilities found in Realnetworks products with stack.watch. Just hit watch, then grab your custom RSS feed url.
Products by Realnetworks Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2026 there have been 0 vulnerabilities in Realnetworks. Last year, in 2025 Realnetworks had 2 security vulnerabilities published. Right now, Realnetworks is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 2 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 4 | 9.50 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 5.50 |
It may take a day or so for new Realnetworks vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Realnetworks Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2011-10028 | Aug 20, 2025 |
Remote Command Execution via Exec in RealArcade ActiveX 2.6.0.445The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine without proper validation or restrictions. This platform was sometimes referred to or otherwise known as RealArcade or Arcade Games and has since consolidated with RealNetworks' platform, GameHouse. |
Realarcade Installer
|
| CVE-2011-10016 | Aug 13, 2025 |
Stack Buffer Overflow in Netzip Classic 7.5.1.86 ZIP ParserReal Networks Netzip Classic version 7.5.1.86 is vulnerable to a stack-based buffer overflow when parsing a specially crafted ZIP archive. The vulnerability is triggered when the application attempts to process a file name within the archive that exceeds the expected buffer size. Exploitation allows arbitrary code execution under the context of the victim user when the ZIP file is opened. |
|
| CVE-2022-32291 | Jun 05, 2022 |
In Real Player through 20.1.0.312, attackersIn Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file. |
Realplayer
|
| CVE-2022-32270 | Jun 03, 2022 |
In Real Player 20.0.7.309 and 20.0.8.310, external::Import()In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur). |
Realplayer
|
| CVE-2022-32269 | Jun 03, 2022 |
In Real Player 20.0.8.310, the G2 ControlIn Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). This leads to arbitrary code execution. |
Realplayer
|
| CVE-2022-32271 | Jun 03, 2022 |
In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution VulnerabilityIn Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary local files. |
Realplayer
|
| CVE-2018-13121 | Jul 03, 2018 |
RealOne Player 2.0 Build 6.0.11.872RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file. |
Realone Player
|
| CVE-2007-6235 | Dec 04, 2007 |
A certain ActiveX control in RealNetworks RealPlayer 11 allows remote attackers to cause a denial of service (application crash) via a malformed .au fileA certain ActiveX control in RealNetworks RealPlayer 11 allows remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error. NOTE: this might be related to CVE-2007-4904. |
Realplayer
|
| CVE-2004-1481 | Dec 31, 2004 |
Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OSInteger overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow. |
Helix Player
Realone Player
Realplayer
And others... |
| CVE-2004-0389 | Jun 01, 2004 |
RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote attackers to cause a denial of service (crash) via malformed requestsRealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference, as demonstrated using (1) GET_PARAMETER or (2) DESCRIBE requests. |
Helix Universal Server
|
| CVE-2003-0726 | Oct 20, 2003 |
RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URLRealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag. |
Realone Desktop Manager
Realone Player
Realone Enterprise Desktop
And others... |