CVSS: 9.3EPSS: 2%CPEs: 32EXPL: 1CVE-2005-2922
https://notcve.org/view.php?id=CVE-2005-2922
Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header. • http://secunia.com/advisories/19358 http://secunia.com/advisories/19365 http://securitytracker.com/id?1015808 http://www.kb.cert.org/vuls/id/172489 http://www.novell.com/linux/security/advisories/2006_18_realplayer.html http://www.redhat.com/support/errata/RHSA-2005-762.html http://www.redhat.com/support/errata/RHSA-2005-788.html http://www.securityfocus.com/bid/17202 http://www.service.real.com/realplayer/security/03162006_player/en http://www.vupen.com/english/advisor • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 8%CPEs: 3EXPL: 1CVE-2002-0207 – RealPlayer 7.0/8.0 - Media File Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-0207
Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header. Desbordamiento del búfer en la aplicación Real Networks RealPlayer 8.0 y versiones anteriores, permite a atacantes remotos ejecutar código arbitrario usando un valor de longitud de cabecera que excede la longitud actual de cabecera. • https://www.exploit-db.com/exploits/21207 http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0044.html http://online.securityfocus.com/archive/1/252414 http://online.securityfocus.com/archive/1/252425 http://sentinelchicken.com/advisories/realplayer http://www.iss.net/security_center/static/7839.php http://www.securityfocus.com/bid/3809 •