CVE-2010-4393 – Realplayer vidplin.dll AVI Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4393
Heap-based buffer overflow in vidplin.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.x before 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted header in an AVI file. Desbordamiento de búfer basado en memoria en vidplin.dll en RealNetworks RealPlayer v11.0 hasta v11.1 y v14.0.x anterior a v14.0.2, y RealPlayer Sp v1.0 hasta v1.1.5, permite a atacantes remotos ejecutar código de su elección a través de una cabecera manipulada de un archivo AVI. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Realnetworks Realplayer SP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the vidplin.dll module. A buffer is allocated according to the user supplied length value. • http://osvdb.org/70682 http://secunia.com/advisories/43098 http://securitytracker.com/id?1024998 http://service.real.com/realplayer/security/01272011_player/en http://www.securityfocus.com/bid/46047 http://www.vupen.com/english/advisories/2011/0240 http://www.zerodayinitiative.com/advisories/ZDI-11-033 https://exchange.xforce.ibmcloud.com/vulnerabilities/64960 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-2579
https://notcve.org/view.php?id=CVE-2010-2579
The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 does not properly initialize the number of channels, which allows attackers to obtain unspecified "memory access" via unknown vectors. El códec "cook" en RealNetworks RealPlayer v11.0 a v11.1, RealPlayer SP v1.0 a v1.1.4, RealPlayer Enterprise v2.1.2, Mac RealPlayer v11.0 a v11.1 y Linux RealPlayer v11.0.2.1744 no inicializa correctamente el número de canales, lo que permite a los atacantes "acceso a memoria" de una forma no especificada a través de vectores desconocidos. • http://service.real.com/realplayer/security/12102010_player/en http://www.securitytracker.com/id?1024861 •
CVE-2010-4383 – HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)
https://notcve.org/view.php?id=CVE-2010-4383
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 12.0.0.1444, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to have an unspecified impact via a crafted RA5 file. Un desbordamiento de búfer basado en montículo en RealNetworks RealPlayer v11.0 a v11.1, RealPlayer SP v1.0 a v1.1.4, RealPlayer Enterprise v2.1.2, Mac RealPlayer v11.0 a v12.0.0.1444 y Linux RealPlayer v11.0.2.1744 permite a atacantes remotos tener un impacto no especificado a través de un archivo RA5 modificado. • http://service.real.com/realplayer/security/12102010_player/en http://www.redhat.com/support/errata/RHSA-2010-0981.html http://www.securitytracker.com/id?1024861 https://access.redhat.com/security/cve/CVE-2010-4383 https://bugzilla.redhat.com/show_bug.cgi?id=662772 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-0125
https://notcve.org/view.php?id=CVE-2010-0125
RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 do not properly parse spectral data in AAC files, which has unspecified impact and remote attack vectors. RealNetworks RealPlayer v11.0 a v11.1, RealPlayer SP v1.0 a v1.1.4, RealPlayer Enterprise v2.1.2 y Mac RealPlayer v11.0 a v12.0.0.1444 no analiza correctamente los datos de espectro en los archivos AAC, que tiene un impacto no especificado usando vectores de ataque remotos. • http://service.real.com/realplayer/security/12102010_player/en http://www.securitytracker.com/id?1024861 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-4382 – HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)
https://notcve.org/view.php?id=CVE-2010-4382
Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allow remote attackers to have an unspecified impact via a crafted RealMedia file. Múltiples desbordamientos de búfer basados en montículo en RealNetworks RealPlayer v11.0 a v11.1, RealPlayer SP v1.0 a v1.1.4, RealPlayer Enterprise v2.1.2 y Linux v11.0.2.1744 RealPlayer permite a atacantes remotos tener un impacto no especificado a través de un archivo de RealMedia modificado. • http://service.real.com/realplayer/security/12102010_player/en http://www.redhat.com/support/errata/RHSA-2010-0981.html http://www.securitytracker.com/id?1024861 https://access.redhat.com/security/cve/CVE-2010-4382 https://bugzilla.redhat.com/show_bug.cgi?id=662772 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •