CVSS: 9.3EPSS: 1%CPEs: 18EXPL: 0CVE-2011-2954
https://notcve.org/view.php?id=CVE-2011-2954
Use-after-free vulnerability in the AutoUpdate feature in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad de uso después de liberación en la función de actualización automática en RealNetworks RealPlayer v11.0 a v11.1 y v14.0.0 a v14.0.5, y RealPlayer SP v1.0 a v1.1.5, cuando el RealPlayer se utiliza incrustado en otra aplicación, permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados. • http://service.real.com/realplayer/security/08162011_player/en http://www.securitytracker.com/id?1025943 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 1%CPEs: 24EXPL: 0CVE-2011-2952
https://notcve.org/view.php?id=CVE-2011-2952
Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via vectors related to a dialog box. Vulnerabilidad de uso después de liberación en RealNetworks RealPlayer v11.0 a v11.1 y v14.0.0 a v14.0.5, RealPlayer SP v1.0 a v1.1.5, y RealPlayer Enterprise v2.0 a v2.1.5 permite a atacantes remotos ejecutar código de su elección a través de vectores relacionados con un cuadro de diálogo. • http://service.real.com/realplayer/security/08162011_player/en http://www.securitytracker.com/id?1025943 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 1%CPEs: 24EXPL: 0CVE-2011-2953
https://notcve.org/view.php?id=CVE-2011-2953
An unspecified ActiveX control in the browser plugin in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors, related to an out-of-bounds condition. Un control ActiveX no especificado en el plugin para los navegadores de RealNetworks RealPlayer v11.0 a v11.1 y v14.0.0 a v14.0.5, y RealPlayer SP v1.0 a v1.1.5, y RealPlayer Enterprise v2.0 a v2.1.5 permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos, relacionados con una situación de acceso a datos fuera de rango. • http://service.real.com/realplayer/security/08162011_player/en http://www.securitytracker.com/id?1025943 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 24EXPL: 0CVE-2011-2955
https://notcve.org/view.php?id=CVE-2011-2955
Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via vectors related to a modal dialog. Vulnerabilidad de uso después de liberación en RealNetworks RealPlayer v11.0 hasta la v11.1 y v14.0.0 hasta la v14.0.5, RealPlayer SP 1.0 a v1.1.5, y RealPlayer Enterprise v2.0 a v2.1.5, cuando se utiliza el RealPlayer incrustado en otras aplicaciones, permite a atacantes remotos ejecutar código de su elección a través de vectores relacionados con un diálogo modal. • http://service.real.com/realplayer/security/08162011_player/en http://www.securitytracker.com/id?1025943 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 17%CPEs: 24EXPL: 0CVE-2011-2948 – RealNetworks RealPlayer SWF DefineFont Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2948
RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.0 through 2.1.5, and Mac RealPlayer 12.0.0.1569 do not properly handle DEFINEFONT fields in SWF files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted file. RealNetworks RealPlayer v11.0 a v11.1 y v14.0.0 a v14.0.5, RealPlayer SP v1.0 a v1.1.5, RealPlayer Enterprise v2.0 a v2.1.5 y Mac RealPlayer v12.0.0.1569 no gestionan adecuadamente los campos DEFINEFONT en los archivos SWF, lo que permite ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria heap) a atacantes remotos a través de un archivo debidamente modificado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles DEFINEFONT fields in Flash Files. When the process parses corrupt a ShapeRecord with the DefineFont record it reads outside a stack buffer and uses a random stack value as a heap pointer. • http://service.real.com/realplayer/security/08162011_player/en http://www.securitytracker.com/id?1025943 http://zerodayinitiative.com/advisories/ZDI-11-268 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •