CVSS: 9.3EPSS: 0%CPEs: 17EXPL: 0CVE-2010-4380
https://notcve.org/view.php?id=CVE-2010-4380
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via a crafted SOUND file. Desbordamiento de búfer basado en montículo en RealNetworks RealPlayer v11.0 a v11.1, RealPlayer SP v1.0 a v1.1.4 y RealPlayer Enterprise v2.1.2 permite a atacantes remotos tener un impacto no especificado a través de un archivo SOUND debidamente modificado. • http://service.real.com/realplayer/security/12102010_player/en http://www.securitytracker.com/id?1024861 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 26EXPL: 0CVE-2010-4381
https://notcve.org/view.php?id=CVE-2010-4381
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 allows remote attackers to have an unspecified impact via a crafted AAC file. Desbordamiento de búfer basado en montículo en RealNetworks RealPlayer v11.0 a v11.1, RealPlayer SP v1.0 a v1.1.4, RealPlayer Enterprise v2.1.2 y Mac RealPlayer v11.0 a v12.0.0.1444 permite a atacantes remotos tener un impacto no especificado a través de un archivo AAC modificado. • http://service.real.com/realplayer/security/12102010_player/en http://www.securitytracker.com/id?1024861 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 19EXPL: 0CVE-2010-4385 – HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)
https://notcve.org/view.php?id=CVE-2010-4385
Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to have an unspecified impact via crafted frame dimensions in an SIPR stream. Desbordamiento de entero en RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.1.4, RealPlayer Enterprisev2.1.2, y Linux RealPlayer v11.0.2.1744 permite a atacantes remotos provocar un impacto no especificado a través de tamaños de tramas manipulados en una corriente SIPR. • http://service.real.com/realplayer/security/12102010_player/en http://www.redhat.com/support/errata/RHSA-2010-0981.html http://www.securitytracker.com/id?1024861 https://access.redhat.com/security/cve/CVE-2010-4385 https://bugzilla.redhat.com/show_bug.cgi?id=662772 • CWE-189: Numeric Errors •
CVSS: 9.0EPSS: 4%CPEs: 19EXPL: 0CVE-2010-4388 – RealNetworks RealPlayer Custsupport.html Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4388
The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors. Los componentes (1) Upsell.htm, (2) Main.html, y (3) Custsupport.html en RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.1.5, RealPlayer Enterprise v2.1.2 y v2.1.3, permiten a atacantes remotos inyectar código en el proceso RealOneActiveXObject y evitar las restricciones Local Machine Zone establecidas y cargar controles ActiveX de su elección a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Custsupport.html component of the RealPlayer default installation. Due to a failure to properly sanitize user-supplied input, it is possible for an attacker to inject arbitrary code into the RealOneActiveXObject process. • http://osvdb.org/69857 http://osvdb.org/69858 http://osvdb.org/69859 http://service.real.com/realplayer/security/12102010_player/en http://www.securitytracker.com/id?1024861 http://www.zerodayinitiative.com/advisories/ZDI-10-276 http://www.zerodayinitiative.com/advisories/ZDI-10-277 http://www.zerodayinitiative.com/advisories/ZDI-10-278 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 13%CPEs: 18EXPL: 0CVE-2010-4384 – RealNetworks RealPlayer Media Properties Header Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4384
Array index error in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via a malformed Media Properties Header (aka MDPR) in a RealMedia file. Un error de indice de Array en RealNetworks RealPlayer v11.0 a v11.1, RealPlayer Enterprise v2.1.2, Mac RealPlayer v11.0 por v11.1 y Linux RealPlayer v11.0.2.1744 permite a atacantes remotos ejecutar código arbitrario a través de una cabecera de Propiedades Multimedia (conocida como MDPR) mal formada en un archivo de RealMedia. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing a RealMedia file containing a malformed Media Properties Header (MDPR). The application explicitly trusts an index in this data structure which is used to seek into an array of objects. • http://service.real.com/realplayer/security/12102010_player/en http://www.redhat.com/support/errata/RHSA-2010-0981.html http://www.securitytracker.com/id?1024861 http://www.zerodayinitiative.com/advisories/ZDI-10-268 https://access.redhat.com/security/cve/CVE-2010-4384 https://bugzilla.redhat.com/show_bug.cgi?id=662772 • CWE-20: Improper Input Validation •