CVSS: 10.0EPSS: 0%CPEs: 17EXPL: 0CVE-2010-3748
https://notcve.org/view.php?id=CVE-2010-3748
Stack-based buffer overflow in the RichFX component in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via unknown vectors. Desbordamiento de buffer basado en pila en el componente RichFX de RealNetworks RealPlayer v11.0 hasta la v11.1, RealPlayer SP 1.0 hasta la v1.1.4, y RealPlayer Enterprise v2.1.2 permite a atacantes remotos provocar una impacto sin determinar a través de vectores desconocidos. • http://service.real.com/realplayer/security/10152010_player/en http://www.securityfocus.com/bid/44144 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 95%CPEs: 17EXPL: 1CVE-2010-3747 – RealNetworks RealPlayer ActiveX Control CDDA URI Uninitialized Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3747
An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during parsing of a CDDA URI, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and application crash) via a long URI. Un control ActiveX en RealNetworks RealPlayer v11.0 hasta la v11.1, RealPlayer SP v1.0 hasta la v1.1.4, y RealPlayer Enterprise v2.1.2 no inicializa apropiadamente un componente objeto sin especificar durante el parseo de una URI CDDA, lo que permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (resolución de puntero sin inicializar y caída de la aplicación) a través de una URI extensa. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the parsing of long CDDA URIs due to a failure to initialize a particular component of an object. The application will later call a method in the object leading to the uninitialized pointer being called. • https://www.exploit-db.com/exploits/16998 http://securityreason.com/securityalert/8147 http://service.real.com/realplayer/security/10152010_player/en http://www.securityfocus.com/bid/44144 http://www.zerodayinitiative.com/advisories/ZDI-10-210 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 10%CPEs: 17EXPL: 0CVE-2010-3750 – RealNetworks RealPlayer RJMDSections Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3750
rjrmrpln.dll in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly validate file contents that are used during interaction with a heap buffer, which allows remote attackers to execute arbitrary code via crafted Name Value Property (NVP) elements in logical streams in a media file. rjrmrpln.dll en RealNetworks RealPlayer v11.0 hasta la v11.1, RealPlayer SP 1.0 hasta la v1.1.4, y RealPlayer Enterprise v2.1.2 no valida apropiadamente el contenido de un fichero utilizado durante la interacción con un desbordamiento de memoria dinámica, lo que permite a atacantes remotos ejecutar código de su elección a través de elementos "Name Value Property" (NVP) en streams lógicos de un archivo multimedia. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must open a malicious website or media file. The specific flaw exists within the code responsible for parsing Name Value Property (NVP) elements from within logical streams in a RealPlayer media file. Specifically, a function within the rjrmrpln.dll file allocates a buffer on the heap which can be directly influenced from data within the file. This buffer is then written to using another value defined in the file and thus also controlled. • http://service.real.com/realplayer/security/10152010_player/en http://www.securityfocus.com/bid/44144 http://www.zerodayinitiative.com/advisories/ZDI-10-212 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 10%CPEs: 23EXPL: 0CVE-2009-4248 – RealPlayer: RTSP SET_PARAMETER buffer overflow
https://notcve.org/view.php?id=CVE-2009-4248
Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request. Un desbordamiento de búfer en la función RTSPProtocol::HandleSetParameterRequest en el archivo client/core/rtspprotocol.cpp en RealPlayer versión 10, RealPlayer versiones 10,5 6.0.12.1040 hasta 6.0.12.1741, RealPlayer versiones 11 11.0.0 hasta 11.0.4, RealPlayer Enterprise, Mac RealPlayer versiones 10 y 10.1, Linux RealPlayer versión 10, y Helix Player versiones 10.x, de RealNetworks, permite a los atacantes remotos causar una denegación de servicio (bloqueo de la aplicación) o posiblemente ejecutar código arbitrario por medio de una petición RTSP SET_PARAMETER especialmente diseñada. • http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003756.html http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003759.html http://lists.helixcommunity.org/pipermail/client-dev/2008-January/004591.html http://secunia.com/advisories/38218 http://secunia.com/advisories/38450 http://securitytracker.com/id?1023489 http://service.real.com/realplayer/security/01192010_player/en http://www.redhat.com/support/errata/RHSA-2010-0094.html http://www.securityfocus.com/bid/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 23EXPL: 0CVE-2009-4243
https://notcve.org/view.php?id=CVE-2009-4243
RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to have an unspecified impact via a crafted media file that uses HTTP chunked transfer coding, related to an "overflow." RealNetworks RealPlayer 10, RealPlayer v10.5 6.0.12.1040 hasta v6.0.12.1741, RealPlayer 11 v11.0.0 hasta v11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 y v10.1, Linux RealPlayer 10, y Helix Player v10.x, permite a atacantes remotos tener un impacto no especificado a través de un fichero de contenido multimedia que utilice codificación de transferencia fragmentada, relacionado con un desbordamiento. • http://osvdb.org/61967 http://secunia.com/advisories/38218 http://securitytracker.com/id?1023489 http://service.real.com/realplayer/security/01192010_player/en http://www.securityfocus.com/bid/37880 http://www.vupen.com/english/advisories/2010/0178 https://exchange.xforce.ibmcloud.com/vulnerabilities/55796 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •