CVSS: 9.3EPSS: 95%CPEs: 21EXPL: 0CVE-2007-2264 – RealPlayer RA Field Size File Processing Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-2264
Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header. Un desbordamiento de búfer en la región Heap de la memoria en RealNetworks RealPlayer las versiones 8, 10, 10.1 y posiblemente 10.5; RealOne Player versiones 1 y 2; y RealPlayer Enterprise permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo RAM (.ra o .ram) con un valor de gran tamaño en el encabezado RA. This vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must open a malicious .ra/.ram file or visit a malicious web site. The specific flaw exists during the parsing of files with improperly defined size field in the RA header. Specifying a large unsigned value data can trigger a heap corruption and further result in arbitrary code execution under the context of the logged in user. • http://secunia.com/advisories/27361 http://securitytracker.com/id?1018866 http://service.real.com/realplayer/security/10252007_player/en http://www.attrition.org/pipermail/vim/2007-October/001841.html http://www.securityfocus.com/archive/1/483113/100/0/threaded http://www.securityfocus.com/bid/26214 http://www.vupen.com/english/advisories/2007/3628 http://www.zerodayinitiative.com/advisories/ZDI-07-063.html https://exchange.xforce.ibmcloud.com/vulnerabilities/37437 https://oval.cisecu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 95%CPEs: 3EXPL: 2CVE-2007-5601 – RealPlayer - 'ierpplug.dll' ActiveX Control Playlist Name Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-5601
Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll. Un desbordamiento de búfer en la región stack de la memoria en el Database Component en la biblioteca MPAMedia.dll en RealNetworks RealPlayer versiones 10.5 y 11 beta, y anteriores, incluyendo versión 10, RealOne Player y RealOne Player versión 2, permite a atacantes remotos ejecutar código arbitrario por medio de ciertos nombres de lista de reproducción, como es demostrado por medio del método import en el control ActiveX IERPCtl en la biblioteca ierpplug.dl. • https://www.exploit-db.com/exploits/16497 https://www.exploit-db.com/exploits/30692 http://secunia.com/advisories/27248 http://service.real.com/realplayer/security/191007_player/en http://www.infosecblog.org/2007/10/nasa-bans-ie.html http://www.kb.cert.org/vuls/id/871673 http://www.securityfocus.com/bid/26130 http://www.securitytracker.com/id?1018843 http://www.symantec.com/enterprise/security_response/weblog/2007/10/realplayer_exploit_on_the_loos.html http://www.us& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 95%CPEs: 10EXPL: 1CVE-2007-3410 – RealNetworks RealPlayer/HelixPlayer - SMIL wallclock Stack Overflow (PoC)
https://notcve.org/view.php?id=CVE-2007-3410
Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value. Un desbordamiento de búfer en la región stack de la memoria en la función SmilTimeValue::parseWallClockValue en el archivo smlprstime.cpp en RealNetworks RealPlayer versiones 10, 10.1 y posiblemente 10.5, RealOne Player, RealPlayer Enterprise y Helix Player versión 10.5-GOLD y versiones 10.0.5 hasta 10.0.8, permite a atacantes remotos ejecutar código arbitrario por medio de un archivo SMIL (SMIL2) con un valor wallclock largo. • https://www.exploit-db.com/exploits/4118 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547 http://osvdb.org/37374 http://osvdb.org/38342 http://secunia.com/advisories/25819 http://secunia.com/advisories/25859 http://secunia.com/advisories/26463 http://secunia.com/advisories/26828 http://secunia.com/advisories/27361 http://security.gentoo.org/glsa/glsa-200709-05.xml http://securitytracker.com/id?1018297 http://securitytracker.com/id?1018299 http:/& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 5%CPEs: 1EXPL: 2CVE-2007-2497 – RealPlayer 10 - '.ra' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-2497
RealNetworks RealPlayer 10 Gold allows remote attackers to cause a denial of service (memory consumption) via a certain .ra file. NOTE: this issue was referred to as a "memory leak," but it is not clear if this is correct. RealNetworks RealPlayer 10 Gold permite a atacantes remotos provocar una denegación de servicio (agotamiento de memoria) mediante un fichero .ra concreto. NOTA. Este tema fue tratado como un "agujero de memoria" pero no está claro que sea correcto. • https://www.exploit-db.com/exploits/3819 http://osvdb.org/41730 http://www.securityfocus.com/bid/23712 •
CVSS: 9.3EPSS: 96%CPEs: 6EXPL: 3CVE-2006-0323 – RealPlayer 10.5 (6.0.12.1040-1348) - SWF Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2006-0323
Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations. Desbordamiento de buffer en swfformat.dll en múltiples productos y versiones RealNetworks incluyendo RealPlayer 10.x, RealOne Player, Rhapsody 3 y Helix Player permite a atacantes remotos ejecutar código arbitrario a través de un archivo SWF (Flash) manipulado con (1) un valor de tamaño que es menor que el tamaño real o (2) otras manipulaciones no especificadas. • https://www.exploit-db.com/exploits/1622 https://www.exploit-db.com/exploits/27460 http://secunia.com/advisories/19358 http://secunia.com/advisories/19362 http://secunia.com/advisories/19365 http://secunia.com/advisories/19390 http://securityreason.com/securityalert/690 http://securitytracker.com/id?1015806 http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml http://www.kb.cert.org/vuls/id/231028 http://www.novell.com/linux/security/advisories/2006_18_realplayer. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •