CVE-2011-4247 – RealNetworks RealPlayer QCELP Stream Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4247
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted QCELP stream. RealNetworks RealPlayer anterior a v15.0.0 permite a atacantes remotos ejecutar código arbitrario a través de una corriente QCELP. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles audio encoded with the QCELP codec. The codec allows you to specify the 'block_size' that is used. • http://service.real.com/realplayer/security/11182011_player/en • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2011-1221
https://notcve.org/view.php?id=CVE-2011-1221
Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document, a different vulnerability than CVE-2011-2947. Vulnerabilidad de scripting a través de zonas (cross-zone scripting) en el control ActiveX RealPlayer de RealNetworks RealPlayer 11.0 hasta la 11.1 y 14.0.0 hasta la 14.0.5, RealPlayer SP 1.0 hasta la 1.1.5, y RealPlayer Enterprise 2.0 hasta la 2.1.5. Permite a atacantes remotos inyectar código script web arbitrario o HTML en la zona local a través de un documento HTML. Una vulnerabilidad distinta a la CVE-2011-2947. • http://service.real.com/realplayer/security/08162011_player/en • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-2945
https://notcve.org/view.php?id=CVE-2011-2945
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted SIPR stream. Desbordamiento de pila basado en memoria dinámica (heap) en RealNetworks RealPlayer v11.0 a v11.1 y v14.0.0 a v14.0.5, y RealPlayer SP v1.0 a v1.1.5 permite a atacantes remotos ejecutar código de su elección a través de un stream SIPR debidamente modificado. • http://service.real.com/realplayer/security/08162011_player/en http://www.securitytracker.com/id?1025943 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-2946
https://notcve.org/view.php?id=CVE-2011-2946
Unspecified vulnerability in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en un control ActiveX en RealNetworks RealPlayer v11.0 a v11.1 y v14.0.0 a v14.0.5, RealPlayer SP v1.0 a v1.1.5, y RealPlayer Enterprise v2.0 a v2.1.5 permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos. • http://service.real.com/realplayer/security/08162011_player/en http://www.securitytracker.com/id?1025943 •
CVE-2011-2954
https://notcve.org/view.php?id=CVE-2011-2954
Use-after-free vulnerability in the AutoUpdate feature in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad de uso después de liberación en la función de actualización automática en RealNetworks RealPlayer v11.0 a v11.1 y v14.0.0 a v14.0.5, y RealPlayer SP v1.0 a v1.1.5, cuando el RealPlayer se utiliza incrustado en otra aplicación, permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados. • http://service.real.com/realplayer/security/08162011_player/en http://www.securitytracker.com/id?1025943 • CWE-399: Resource Management Errors •