CVSS: 9.3EPSS: 2%CPEs: 18EXPL: 0CVE-2010-4386 – HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)
https://notcve.org/view.php?id=CVE-2010-4386
RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted RealMedia video file. RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.1.4, y Linux RealPlayer v11.0.2.1744 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción del montón de memoria) a través de un archivo de video RealMedia manipulado. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=883 http://service.real.com/realplayer/security/12102010_player/en http://www.redhat.com/support/errata/RHSA-2010-0981.html http://www.securitytracker.com/id?1024861 https://access.redhat.com/security/cve/CVE-2010-4386 https://bugzilla.redhat.com/show_bug.cgi?id=662772 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 19EXPL: 0CVE-2010-4390
https://notcve.org/view.php?id=CVE-2010-4390
Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allow remote attackers to have an unspecified impact via a crafted header in an IVR file. Múltiples vilnerabilidades de desbordamiento de búfer basadas en montón en RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.1.5, y Linux RealPlayer v11.0.2.1744, permite a atacantes remotos provocar un impacto no especificado a través de una cabecera manipuada en un archivo IVR. • http://osvdb.org/69850 http://service.real.com/realplayer/security/12102010_player/en http://www.securitytracker.com/id?1024861 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 19EXPL: 0CVE-2010-4385 – HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)
https://notcve.org/view.php?id=CVE-2010-4385
Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to have an unspecified impact via crafted frame dimensions in an SIPR stream. Desbordamiento de entero en RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.1.4, RealPlayer Enterprisev2.1.2, y Linux RealPlayer v11.0.2.1744 permite a atacantes remotos provocar un impacto no especificado a través de tamaños de tramas manipulados en una corriente SIPR. • http://service.real.com/realplayer/security/12102010_player/en http://www.redhat.com/support/errata/RHSA-2010-0981.html http://www.securitytracker.com/id?1024861 https://access.redhat.com/security/cve/CVE-2010-4385 https://bugzilla.redhat.com/show_bug.cgi?id=662772 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 8%CPEs: 19EXPL: 0CVE-2010-2999 – RealNetworks RealPlayer AAC MLLT Atom Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2999
Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.0.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed MLLT atom in an AAC file. Desbordamiento de entero en RealNetworks RealPlayer v11.0 a v11.1, RealPlayer SP v1.0 a v1.0.1, Mac RealPlayer v11.0 a v11.1 y Linux RealPlayer v11.0.2.1744 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de la memoria montículo) a través de un átomo MLLT mal formado en un archivo AAC. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing an .AAC file containing a malformed MLLT atom. The application utilizes a size specified in this data structure for allocation of a list of objects. • http://service.real.com/realplayer/security/12102010_player/en http://www.securitytracker.com/id?1024861 http://www.zerodayinitiative.com/advisories/ZDI-10-273 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 4%CPEs: 17EXPL: 0CVE-2010-4394 – RealNetworks RealPlayer RealPix Server Header Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4394
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.5 allows remote web servers to execute arbitrary code via a long Server header in a response to an HTTP request that occurs during parsing of a RealPix file. Desbordamiento de Desbordamiento de búfer basado en montículo en RealNetworks RealPlayer v11.0 hasta v11.1 y RealPlayer SP v1.0 hasta v1.1.5, permite a servidores web remotos ejecutar codigo de su elección a través de una cabecera Server larga en respuesta a una petición HTTP que ocurre durante el parseo de un archivo RealPix. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within RealPlayer's parsing of RealPix files. If such a file contains an image tag pointing to a remote server, the player will attempt to fetch the remote file. • http://osvdb.org/69853 http://service.real.com/realplayer/security/12102010_player/en http://www.securitytracker.com/id?1024861 http://www.zerodayinitiative.com/advisories/ZDI-10-282 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •