CVE-2022-32291
https://notcve.org/view.php?id=CVE-2022-32291
In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file. En Real Player versiones hasta 20.1.0.312, los atacantes pueden ejecutar código arbitrario al colocar un nombre de ruta compartido UNC (para un archivo DLL) en un archivo RAM • https://github.com/Edubr2020/RP_RecordClip_DLL_Hijack •
CVE-2014-3113
https://notcve.org/view.php?id=CVE-2014-3113
Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 allow remote attackers to execute arbitrary code via a malformed (1) elst or (2) stsz atom in an MP4 file. Múltiples desbordamientos de buffer en RealNetworks RealPlayer anterior a 17.0.10.8 permiten a atacantes remotos ejecutar código arbitrario a través de un átomo (1) elst or (2) stsz malformado en un fichero MP4. • http://secunia.com/advisories/59238 http://service.real.com/realplayer/security/06272014_player/en http://www.fortiguard.com/advisory/RealNetworks-RealPlayer-Memory-Corruption http://www.securitytracker.com/id/1030524 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-3444 – RealPlayer - '.3gp' File Processing Memory Corruption
https://notcve.org/view.php?id=CVE-2014-3444
The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and application crash) via a malformed .3gp file. La función GetGUID en codecs/dmp4.dll en RealNetworks RealPlayer 16.0.3.51 y anteriores permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (violación de acceso a escritura y caída de aplicación) a través de un archivo .3gp malformado. Realplayer version 16.0.3.51 suffers from a memory corruption vulnerability. • https://www.exploit-db.com/exploits/39182 http://packetstormsecurity.com/files/126637 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2013-7260 – RealNetworks RealPlayer 16.0.3.51/16.0.2.32 - '.rmp' Version Attribute Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-7260
Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877. Múltiples desbordamientos de buffer basados en pila en RealNetworks RealPlayer anteriores a 17.0.4.61 en Windows, y Mac RealPlayer anteriores a 12.0.1.1738, permite a atacantes remotos ejecutar código arbitrario a través de (1) un número de versión largo o (2) una declaración de codificación larga en la declaración XML de un fichero RMP, un problema distinto al CVE-2013-6877. • https://www.exploit-db.com/exploits/30468 http://service.real.com/realplayer/security/12202013_player/en http://www.exploit-db.com/exploits/30468 http://www.kb.cert.org/vuls/id/698278 http://www.securityfocus.com/bid/64695 https://exchange.xforce.ibmcloud.com/vulnerabilities/90160 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-6877 – RealNetworks RealPlayer 16.0.3.51/16.0.2.32 - '.rmp' Version Attribute Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-6877
Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allows remote attackers to execute arbitrary code via a long string in the TRACKID element of an RMP file, a different vulnerability than CVE-2013-7260. Desbordamiento de buffer basado en memoria dinámica en RealNetworks RealPlayer 16.0.2.32 y 16.0.3.51 permite a atacantes remotos ejecutar código de forma arbitraria a través de una cadena larga en el elemento TRACKID de un archivo RMP. • https://www.exploit-db.com/exploits/30468 http://archives.neohapsis.com/archives/bugtraq/2013-12/0104.html http://packetstormsecurity.com/files/124535 http://service.real.com/realplayer/security/12202013_player/en http://www.coresecurity.com/advisories/realplayer-heap-based-buffer-overflow-vulnerability http://www.securityfocus.com/bid/64398 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •