CVSS: 9.3EPSS: 20%CPEs: 19EXPL: 0CVE-2010-4395 – RealNetworks RealPlayer Advanced Audio Coding Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4395
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a crafted conditional component in AAC frame data. Desbordamiento de buffer basado en montón en RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.1.5, y Linux RealPlayer v11.0.2.1744, permite a atacantes remotos ejecutar código de su elección a través de un componente condicional en una trama de datos AAC This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of the Advanced Audio Coding compression format. When decoding a conditional component of a data block within an AAC frame the application will decompress lossy audio sample data outside the bounds of a buffer. This memory corruption can lead to code execution under the context of the application. • http://osvdb.org/69854 http://service.real.com/realplayer/security/12102010_player/en http://www.securitytracker.com/id?1024861 http://www.zerodayinitiative.com/advisories/ZDI-10-267 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 1%CPEs: 18EXPL: 0CVE-2010-4396 – RealNetworks RealPlayer Cross-Zone Scripting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4396
Cross-zone scripting vulnerability in the HandleAction method in a certain ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 allows remote attackers to inject arbitrary web script or HTML in the Local Zone by specifying a local file in a NavigateToURL action, as demonstrated by a local skin file. Vulnerabilidad de secuencias de comandos en zonas cruzadas en el método HandleAction en control ActiveX en RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.1.5, y RealPlayer Enterprise v2.1.2, permite a atacantes remotos inyectar código web o HTML de su elección en "Local Zone" especificando un archivo local en una acción NavigateToURL, como se demostró con un archivo local de "skin" This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is requires in that a target must navigate to a malicious page. The specific flaw exists within the HandleAction method of the RealPlayer ActiveX control with CLSID FDC7A535-4070-4B92-A0EA-D9994BCC0DC5. The vulnerable action that can be invoked via this control is NavigateToURL. If NavigateToURL can be pointed to a controlled file on the user's system, RealPlayer can be made to execute scripts in the Local Zone. • http://osvdb.org/69855 http://service.real.com/realplayer/security/12102010_player/en http://www.securitytracker.com/id?1024861 http://www.zerodayinitiative.com/advisories/ZDI-10-275 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 13%CPEs: 21EXPL: 0CVE-2010-4378 – RealNetworks Realplayer RV20 Stream Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4378
The drv2.dll (aka RV20 decompression) module in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.1.2 and 2.1.3, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted value of an unspecified length field in an RV20 video stream. El módulo drv2.dll (también conocido como descompresión RV20) en RealNetworks RealPlayer v11.0 a v11.1, RealPlayer SP v1.0 a v1.1.5, RealPlayer Enterprise v2.1.2 a v2.1.3 y Linux RealPlayer v11.0.2.1744 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de la memoria montículo) a través de un valor modificado en un campo de longitud no especificada en una secuencia de vídeo RV20. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the module responsible for decompressing RV20 video streams. The drv2.dll trusts a value from the file as a length and uses it within a copy loop that writes to heap memory. • http://service.real.com/realplayer/security/12102010_player/en http://www.redhat.com/support/errata/RHSA-2010-0981.html http://www.securitytracker.com/id?1024861 http://www.zerodayinitiative.com/advisories/ZDI-10-274 https://access.redhat.com/security/cve/CVE-2010-4378 https://bugzilla.redhat.com/show_bug.cgi?id=662772 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 10%CPEs: 19EXPL: 0CVE-2010-2997 – RealNetworks RealPlayer ICY Protocol StreamTitle Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2997
Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.0.1, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted StreamTitle tag in an ICY SHOUTcast stream, related to the SMIL file format. Vulnerabilidad de uso después de liberación en RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.0.1, Mac RealPlayer v11.0 hasta v11.1, and Linux RealPlayer v11.0.2.1744, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción del montón de memoria) a través de una etiqueta StreamTitle en una corriente ICY SHOUTcast, relacionada con el formato de archivo SMIL. This vulnerability allows remote attackers to execute arbitrary code on vulnerability installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must open a malicious SHOUTcast Stream. The specific flaw exists in the processing of the StreamTitle tag in a SHOUTcast stream using the ICY protocol. A specially crafted string supplied as the property for the title can result in a failed allocation of heap memory. • http://service.real.com/realplayer/security/12102010_player/en http://www.redhat.com/support/errata/RHSA-2010-0981.html http://www.securitytracker.com/id?1024861 http://www.zerodayinitiative.com/advisories/ZDI-10-270 https://access.redhat.com/security/cve/CVE-2010-2997 https://bugzilla.redhat.com/show_bug.cgi?id=662772 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 18%CPEs: 28EXPL: 0CVE-2010-4377 – RealNetworks RealPlayer Cook Audio Codec Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4377
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code by specifying many subbands in cook audio codec information in a Real Audio file. Desbordamiento de buffer bastado en el montón en RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.1.5, Mac RealPlayer v11.0 hasta v12.0.0.1444, y Linux RealPlayer v11.0.2.1744, permite a atacantes remotos ejecutar código de su elección especificando muchas sub-bandas (subbands) en la información de un codec de audio cook de un archivo Real Audio. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious media file. The specific flaw exists in the parsing of audio codec information encapsulated in a Real Audio media file. While processing cook audio codec data the number of subbands is improperly calculated. • http://service.real.com/realplayer/security/12102010_player/en http://www.securitytracker.com/id?1024861 http://www.zerodayinitiative.com/advisories/ZDI-10-272 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •