8 results (0.007 seconds)

CVSS: 5.1EPSS: 26%CPEs: 20EXPL: 0

Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow. • http://marc.info/?l=ntbugtraq&m=109708374115061&w=2 http://secunia.com/advisories/12672 http://www.securityfocus.com/bid/11309 http://www.service.real.com/help/faq/security/040928_player/EN https://exchange.xforce.ibmcloud.com/vulnerabilities/17549 •

CVSS: 5.1EPSS: 0%CPEs: 10EXPL: 3

RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726. • http://secunia.com/advisories/9584 http://securitytracker.com/id?1008647 http://www.osvdb.org/3826 http://www.securityfocus.com/archive/1/349086 http://www.securityfocus.com/bid/9378 https://exchange.xforce.ibmcloud.com/vulnerabilities/14168 •

CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 0

Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file. Vulnerabilidad de atravesamiento de directorios en RealOne Player, RealOne Player 2.0, y RealOne Enterprise Desktop permite a atacantes remotos subir ficheros arbitrarios mediante un fichero RMP que contenga secuencias .. (punto punto) en fichero de piel .rjs. • http://marc.info/?l=bugtraq&m=107642978524321&w=2 http://service.real.com/help/faq/security/040123_player/EN http://www.kb.cert.org/vuls/id/514734 http://www.securityfocus.com/bid/9580 https://exchange.xforce.ibmcloud.com/vulnerabilities/15123 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.6EPSS: 13%CPEs: 14EXPL: 0

Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files. Múltiples desbordamientos de búfer en RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, y RealPlayer Enterprise permiten a atacantes remotos ejecutar código de su elección mediante ficheros 1) .RP, (2) .RT, (3) .RAM, (4) .RPM o (5) .SMIL malformados. • http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0027.html http://marc.info/?l=bugtraq&m=107608748813559&w=2 http://www.ciac.org/ciac/bulletins/o-075.shtml http://www.kb.cert.org/vuls/id/473814 http://www.nextgenss.com/advisories/realone.txt http://www.securityfocus.com/bid/9579 http://www.service.real.com/help/faq/security/040123_player/EN https://exchange.xforce.ibmcloud.com/vulnerabilities/15040 •

CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0

Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser. • http://service.real.com/help/faq/security/securityupdate_october2003.html http://www.securityfocus.com/bid/8839 https://exchange.xforce.ibmcloud.com/vulnerabilities/13445 •