Page 14 of 69 results (0.004 seconds)

CVSS: 9.3EPSS: 78%CPEs: 13EXPL: 0

CVE-2010-0116

https://notcve.org/view.php?id=CVE-2010-0116

Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows might allow remote attackers to execute arbitrary code via a crafted QCP file that triggers a heap-based buffer overflow. Desbordamiento de entero en RealNetworks RealPlayer v11.0 hasta la v11.1 y RealPlayer SP v1.0 hasta la v1.1.4 en Windows puede permitir a atacantes remotos ejecutar código de su elección a través de un fichero QCP modificado que provoca un desbordamiento de buffer basado en memoria dinámica. • http://secunia.com/advisories/41096 http://secunia.com/advisories/41154 http://secunia.com/secunia_research/2010-3 http://service.real.com/realplayer/security/08262010_player/en http://www.securitytracker.com/id?1024370 http://www.vupen.com/english/advisories/2010/2216 https://exchange.xforce.ibmcloud.com/vulnerabilities/61420 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7326 • CWE-189: Numeric Errors •

CVSS: 9.3EPSS: 83%CPEs: 13EXPL: 0

CVE-2010-0120

https://notcve.org/view.php?id=CVE-2010-0120

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allows remote attackers to execute arbitrary code via large size values in QCP audio content. Desbordamiento de buffer basado en memoria dinámica en RealNetworks RealPlayer v11.0 hasta la v11.1 y RealPlayer SP v1.0 hasta la v1.1.4 en Windows. Permite a atacantes remotos ejecutar código de su elección a través de valores de tamaño extensos en un contenido de audio QCP. • http://secunia.com/advisories/41096 http://secunia.com/advisories/41154 http://secunia.com/secunia_research/2010-8 http://service.real.com/realplayer/security/08262010_player/en http://www.securitytracker.com/id?1024370 http://www.vupen.com/english/advisories/2010/2216 https://exchange.xforce.ibmcloud.com/vulnerabilities/61422 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6807 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 40%CPEs: 13EXPL: 0

CVE-2010-0117

https://notcve.org/view.php?id=CVE-2010-0117

RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content. RealNetworks RealPlayer v11.0 hasta la v11.1 y RealPlayer SP v1.0 hasta la v1.1.4 en Windows no maneja apropiadamente las dimensiones durante las transformaciones YUV420, lo que puede permitir a atacantes remotos ejecutar código de su elección a través de contenidos MP4 modificados. • http://secunia.com/advisories/41096 http://secunia.com/advisories/41154 http://secunia.com/secunia_research/2010-5 http://service.real.com/realplayer/security/08262010_player/en http://www.securitytracker.com/id?1024370 http://www.vupen.com/english/advisories/2010/2216 https://exchange.xforce.ibmcloud.com/vulnerabilities/61421 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7169 •

CVSS: 10.0EPSS: 95%CPEs: 13EXPL: 1

CVE-2010-3000 – RealNetworks RealPlayer FLV Parsing Multiple Integer Overflow Vulnerabilities

https://notcve.org/view.php?id=CVE-2010-3000

Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file. Múltiples desbordamientos de entero en la función ParseKnownType de RealNetworks RealPlayer v11.0 hasta la v11.1 y RealPlayer SP v1.0 hasta la v1.1.4 en Windows. Permite a atacantes remotos ejecutar código de su elección a través de datos (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY o (2) HX_FLV_META_AMF_TYPE_ARRAY modificados en un fichero FLV. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the module responsible for handling the FLV file format. • https://www.exploit-db.com/exploits/14992 http://secunia.com/advisories/41096 http://secunia.com/advisories/41154 http://service.real.com/realplayer/security/08262010_player/en http://www.securityfocus.com/archive/1/513383/100/0/threaded http://www.securitytracker.com/id?1024370 http://www.vupen.com/english/advisories/2010/2216 http://www.zerodayinitiative.com/advisories/ZDI-10-167 https://exchange.xforce.ibmcloud.com/vulnerabilities/61423 https://oval.cisecurity.org/repository/search • CWE-189: Numeric Errors •