Page 12 of 58 results (0.005 seconds)

CVSS: 9.0EPSS: 0%CPEs: 18EXPL: 0

Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document. Una vulnerabilidad de secuencias de comandos en zonas cruzadas en el control ActiveX de RealPlayer en RealNetworks RealPlayer v11.0 a v11.1 y v14.0.0 a 14.0.5, y RealPlayer SP v1.0 a v1.1.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML en la zona local a través de un documento en formato HTML almacenado localmente. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to the fact that RealPlayer allows users to run local HTML files with scripting enabled without any warning. The RealPlayer ActiveX control can be scripted from a web browser to load local HTML files. • http://service.real.com/realplayer/security/08162011_player/en http://www.securitytracker.com/id?1025943 http://zerodayinitiative.com/advisories/ZDI-11-269 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.7EPSS: 40%CPEs: 15EXPL: 0

The OpenURLInDefaultBrowser method in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, launches a default handler for the filename specified in the first argument, which allows remote attackers to execute arbitrary code via a .rnx filename corresponding to a crafted RNX file. El método OpenURLInDefaultBrowser en RealNetworks RealPlayer v11.0 hasta v11.1 y v14.0.0 hasta v14.0.2, y RealPlayer SP v1.0 hasta v1.1.5, inicia un controlador por defecto para un archivo específico en el primer argumento, lo que permite a atacantes remotos ejecutar código de su elección a través de un archivo .rnx correspondiente a un archivo manipulado RNX. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within RealPlayer exposes a method called OpenURLInDefaultBrowser() that can be accessed through RealPlayer's internal browser. When this method is called, it will open and execute the first parameter based on the operating system's default handler for the filetype. • http://securitytracker.com/id?1025351 http://service.real.com/realplayer/security/04122011_player/en http://www.securityfocus.com/archive/1/517470/100/0/threaded http://www.securityfocus.com/bid/47335 http://www.vupen.com/english/advisories/2011/0979 http://zerodayinitiative.com/advisories/ZDI-11-122 https://exchange.xforce.ibmcloud.com/vulnerabilities/66728 •

CVSS: 9.3EPSS: 39%CPEs: 24EXPL: 4

Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted frame in an Internet Video Recording (IVR) file. Desbordamiento de búfer en la región heap de la memoria en la biblioteca rvrender.dll en RealPlayer versiones 11.0 hasta 11.1 y versiones 14.0.0 hasta 14.0.2, y RealPlayer SP versiones 1.0 hasta 1.1.5, de RealNetworks, permite a atacantes remotos ejecutar código arbitrario por medio de una trama especialmente diseñada en un archivo de Internet Video Recording ( IVR). • https://www.exploit-db.com/exploits/17019 http://aluigi.org/adv/real_5-adv.txt http://osvdb.org/71260 http://secunia.com/advisories/43847 http://securityreason.com/securityalert/8181 http://service.real.com/realplayer/security/04122011_player/en http://www.exploit-db.com/exploits/17019 http://www.securityfocus.com/archive/1/517083/100/0/threaded http://www.securityfocus.com/bid/46946 http://www.securitytracker.com/id?1025245 https://exchange.xforce.ibmcloud.com/vulnerabili • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •