37 results (0.008 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file. RealOnePlayer 2.0 Build 6.0.11.872, permite que atacantes remotos provoquen una denegación de servicio (acceso fuera de límites del array y cierre inesperado de la aplicación) mediante un archivo .aiff manipulado. • https://github.com/921580451/RealOnePlayer-sBug/issues/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 95%CPEs: 18EXPL: 0

Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers. Un Desbordamiento de búfer en la región Heap de la memoria en RealNetworks RealPlayer las versiones 10.0, 10.1 y posiblemente 10.5, RealOne Player y RealPlayer Enterprise permiten que los atacantes remotos ejecuten código arbitrario por medio de un archivo SWF (Flash) con encabezados de registro mal formados. This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in RealPlayer's parsing of SWF files. The SWF rendering DLL RealPlayer uses fails to properly handle malformed record headers leading to an exploitable overflow. • http://osvdb.org/38344 http://secunia.com/advisories/27361 http://service.real.com/realplayer/security/10252007_player/en http://www.attrition.org/pipermail/vim/2007-October/001841.html http://www.securityfocus.com/archive/1/483110/100/0/threaded http://www.securityfocus.com/bid/26214 http://www.securityfocus.com/bid/26284 http://www.securitytracker.com/id?1018866 http://www.vupen.com/english/advisories/2007/3628 http://www.zerodayinitiative.com/advisories/ZDI-07-061.html htt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 88%CPEs: 20EXPL: 0

Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a crafted RM file. Un desbordamiento de búfer en la región heap de la memoria en RealNetworks RealPlayer versiones 8, 10, 10.1 y posiblemente 10.5; RealOne Player versiones 1 y 2; y RealPlayer Enterprise, permite a atacantes remotos ejecutar código arbitrario por medio de un archivo RM diseñado. • http://osvdb.org/38340 http://secunia.com/advisories/27361 http://securitytracker.com/id?1018866 http://service.real.com/realplayer/security/10252007_player/en http://www.attrition.org/pipermail/vim/2007-October/001841.html http://www.securityfocus.com/bid/26214 http://www.vupen.com/english/advisories/2007/3628 https://exchange.xforce.ibmcloud.com/vulnerabilities/37435 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11625 https://access.redhat.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 90%CPEs: 8EXPL: 0

Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflow. Desbordamiento de entero en RealNetworks RealPlayer 10 y 10.5, REalOne Player 1, y RealPlayer Enterprise para Windows permite a atacantes remotos ejecutar código de su elección mediante una etiqueta Lyrics3 2.00 manipulada en un archivo MP3, resultando en un desbordamiento de búfer basado en montículo. • http://secunia.com/advisories/27361 http://service.real.com/realplayer/security/10252007_player/en http://www.attrition.org/pipermail/vim/2007-October/001841.html http://www.kb.cert.org/vuls/id/759385 http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-real-player-id3-tags http://www.securityfocus.com/bid/26214 http://www.securitytracker.com/id?1018866 http://www.vupen.com/english/advisories/2007/3628 https://exchange.xforce.ibmcloud.com/vulnerabilities/37434 • CWE-189: Numeric Errors •

CVSS: 9.3EPSS: 95%CPEs: 7EXPL: 0

Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted playlist (PLS) file. Un desbordamiento de búfer en la región stack de la memoria en RealNetworks RealPlayer versiones 10 y posiblemente en 10.5, y RealOne Player versiones 1 y 2, para Windows, permite a atacantes remotos ejecutar código arbitrario por medio de un archivo de lista de reproducción (PLS) diseñada. This vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must open a malicious .pls file or visit a malicious web site. The specific flaw exists during the parsing of corrupted playlist files. Malicious corruption causes RealPlayer to call into a static heap address which can be leveraged by an attacker resulting in arbitrary code execution under the context of the logged in user. • http://osvdb.org/38341 http://secunia.com/advisories/27361 http://securitytracker.com/id?1018866 http://service.real.com/realplayer/security/10252007_player/en http://www.attrition.org/pipermail/vim/2007-October/001841.html http://www.securityfocus.com/archive/1/483112/100/0/threaded http://www.securityfocus.com/bid/26214 http://www.vupen.com/english/advisories/2007/3628 http://www.zerodayinitiative.com/advisories/ZDI-07-062.html https://exchange.xforce.ibmcloud.com/vulnerabilities&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •