CVSS: 9.3EPSS: 39%CPEs: 24EXPL: 4CVE-2011-1525 – RealPlayer 14.0.1.633 - Heap Overflow
https://notcve.org/view.php?id=CVE-2011-1525
Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted frame in an Internet Video Recording (IVR) file. Desbordamiento de búfer en la región heap de la memoria en la biblioteca rvrender.dll en RealPlayer versiones 11.0 hasta 11.1 y versiones 14.0.0 hasta 14.0.2, y RealPlayer SP versiones 1.0 hasta 1.1.5, de RealNetworks, permite a atacantes remotos ejecutar código arbitrario por medio de una trama especialmente diseñada en un archivo de Internet Video Recording ( IVR). • https://www.exploit-db.com/exploits/17019 http://aluigi.org/adv/real_5-adv.txt http://osvdb.org/71260 http://secunia.com/advisories/43847 http://securityreason.com/securityalert/8181 http://service.real.com/realplayer/security/04122011_player/en http://www.exploit-db.com/exploits/17019 http://www.securityfocus.com/archive/1/517083/100/0/threaded http://www.securityfocus.com/bid/46946 http://www.securitytracker.com/id?1025245 https://exchange.xforce.ibmcloud.com/vulnerabili • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 41%CPEs: 19EXPL: 0CVE-2011-0694 – RealNetworks Real Player Predictable Temporary File Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0694
RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and 14.0.0 through 14.0.1, and Enterprise 2.0 through 2.1.4, uses predictable names for temporary files, which allows remote attackers to conduct cross-domain scripting attacks and execute arbitrary code via the OpenURLinPlayerBrowser function. RealNetworks RealPlayer v11.0 hasta v11.1, SP v1.0 hasta v1.1.5, y v14.0.0 hasta v14.0.1, y Enterprise v2.0 hasta v2.1.4,utiliza nombres predecibles para los archivos temporales, lo que permite a atacantes remotos realizar ataques de secuencias de comandos entre dominios y ejecutar código arbitrario a través de la función OpenURLinPlayerBrowser. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the temporary file naming scheme used for storage of references to Real Media files. This easily predictable temporary filename can be brute forced and used in combination with the OpenURLinPlayerBrowser function available in classid:FDC7A535-4070-4B92-A0EA-D9994BCC0DC5 to execute the file. • http://docs.real.com/docs/security/SecurityUpdate020811RPE.pdf http://osvdb.org/70849 http://secunia.com/advisories/43268 http://securityreason.com/securityalert/8098 http://service.real.com/realplayer/security/02082011_player/en http://www.securityfocus.com/archive/1/516318/100/0/threaded http://www.securitytracker.com/id?1025058 http://www.zerodayinitiative.com/advisories/ZDI-11-076 •
CVSS: 9.3EPSS: 84%CPEs: 14EXPL: 0CVE-2010-4393 – Realplayer vidplin.dll AVI Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4393
Heap-based buffer overflow in vidplin.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.x before 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted header in an AVI file. Desbordamiento de búfer basado en memoria en vidplin.dll en RealNetworks RealPlayer v11.0 hasta v11.1 y v14.0.x anterior a v14.0.2, y RealPlayer Sp v1.0 hasta v1.1.5, permite a atacantes remotos ejecutar código de su elección a través de una cabecera manipulada de un archivo AVI. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Realnetworks Realplayer SP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the vidplin.dll module. A buffer is allocated according to the user supplied length value. • http://osvdb.org/70682 http://secunia.com/advisories/43098 http://securitytracker.com/id?1024998 http://service.real.com/realplayer/security/01272011_player/en http://www.securityfocus.com/bid/46047 http://www.vupen.com/english/advisories/2011/0240 http://www.zerodayinitiative.com/advisories/ZDI-11-033 https://exchange.xforce.ibmcloud.com/vulnerabilities/64960 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 28EXPL: 0CVE-2010-4383 – HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)
https://notcve.org/view.php?id=CVE-2010-4383
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 12.0.0.1444, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to have an unspecified impact via a crafted RA5 file. Un desbordamiento de búfer basado en montículo en RealNetworks RealPlayer v11.0 a v11.1, RealPlayer SP v1.0 a v1.1.4, RealPlayer Enterprise v2.1.2, Mac RealPlayer v11.0 a v12.0.0.1444 y Linux RealPlayer v11.0.2.1744 permite a atacantes remotos tener un impacto no especificado a través de un archivo RA5 modificado. • http://service.real.com/realplayer/security/12102010_player/en http://www.redhat.com/support/errata/RHSA-2010-0981.html http://www.securitytracker.com/id?1024861 https://access.redhat.com/security/cve/CVE-2010-4383 https://bugzilla.redhat.com/show_bug.cgi?id=662772 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0125
https://notcve.org/view.php?id=CVE-2010-0125
RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 do not properly parse spectral data in AAC files, which has unspecified impact and remote attack vectors. RealNetworks RealPlayer v11.0 a v11.1, RealPlayer SP v1.0 a v1.1.4, RealPlayer Enterprise v2.1.2 y Mac RealPlayer v11.0 a v12.0.0.1444 no analiza correctamente los datos de espectro en los archivos AAC, que tiene un impacto no especificado usando vectores de ataque remotos. • http://service.real.com/realplayer/security/12102010_player/en http://www.securitytracker.com/id?1024861 • CWE-264: Permissions, Privileges, and Access Controls •