
CVSS: 9.3 | EPSS: 6% | CPEs: 10 | EXPL: 0

Stack-based buffer overflow in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via a long string in an RTSP request.

• http://docs.real.com/docs/security/SecurityUpdate033111HS.pdf
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=899
• http://www.securityfocus.com/bid/47109
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 | EPSS: 6% | CPEs: 10 | EXPL: 0

Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Helix Server products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rmserver.exe process. This process is active by default on all Helix Server installations.

• http://docs.real.com/docs/security/SecurityUpdate033111HS.pdf
• http://www.securityfocus.com/bid/47110
• CWE-134: Use of Externally-Controlled Format String

CVSS: 9.3 | EPSS: 41% | CPEs: 19 | EXPL: 0

RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and 14.0.0 through 14.0.1, and Enterprise 2.0 through 2.1.4, uses predictable names for temporary files, which allows remote attackers to conduct cross-domain scripting attacks and execute arbitrary code via the OpenURLinPlayerBrowser function.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the temporary file naming scheme used for storage of references to Real Media files. This easily predictable temporary filename can be brute forced and used in combination with the OpenURLinPlayerBrowser function available in classid:FDC7A535-4070-4B92-A0EA-D9994BCC0DC5 to execute the file.

• http://docs.real.com/docs/security/SecurityUpdate020811RPE.pdf
• http://osvdb.org/70849
• http://secunia.com/advisories/43268
• http://securityreason.com/securityalert/8098
• http://service.real.com/realplayer/security/02082011_player/en
• http://www.securityfocus.com/archive/1/516318/100/0/threaded
• http://www.securitytracker.com/id?1025058
• http://www.zerodayinitiative.com/advisories/ZDI-11-076

CVSS: 9.3 | EPSS: 84% | CPEs: 14 | EXPL: 0

Heap-based buffer overflow in vidplin.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.x before 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted header in an AVI file.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer SP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the vidplin.dll module. A buffer is allocated according to the user-supplied length value.

• http://osvdb.org/70682
• http://secunia.com/advisories/43098
• http://securitytracker.com/id?1024998
• http://service.real.com/realplayer/security/01272011_player/en
• http://www.securityfocus.com/bid/46047
• http://www.vupen.com/english/advisories/2011/0240
• http://www.zerodayinitiative.com/advisories/ZDI-11-033
• https://exchange.xforce.ibmcloud.com/vulnerabilities/64960
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.0 | EPSS: 0% | CPEs: 26 | EXPL: 0

The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 does not properly initialize the number of channels, which allows attackers to obtain unspecified "memory access" via unknown vectors.

• http://service.real.com/realplayer/security/12102010_player/en
• http://www.securitytracker.com/id?1024861