CVSS: 10.0EPSS: 63%CPEs: 23EXPL: 0CVE-2009-4257 – RealNetworks RealPlayer SMIL getAtom Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-4257
Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths. Un desbordamiento de búfer en la región heap de la memoria en el archivo datatype/smil/common/smlpkt.cpp en la biblioteca smlrender. dll en RealPlayer versión 10, RealPlayer versiones 10.5 6.0.12.1040 hasta 6.0.12.1741, RealPlayer versiones 11 11.0.0 hasta 11.0.4, RealPlayer Enterprise, Mac RealPlayer versiones 10 y 10.1, Linux RealPlayer versiones 10 y 11.0.0 y Helix Player versiones 10.x y 11.0.0, de RealNetworks, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo SMIL con longitudes de cadena especialmente diseñadas. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the smlrender.dll library responsible for parsing SMIL files. A lack of proper string length checks can result in the overflow of a static heap buffer. • http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-September/008678.html http://secunia.com/advisories/38218 http://secunia.com/advisories/38450 http://securitytracker.com/id?1023489 http://service.real.com/realplayer/security/01192010_player/en http://www.redhat.com/support/errata/RHSA-2010-0094.html http://www.securityfocus.com/archive/1/509105/100/0/threaded http://www.securityfocus.com/bid/37880 http://www.vupen.com/english/advisories/2010/0178 http://www.zerodayinitiati • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 45%CPEs: 23EXPL: 0CVE-2009-4246 – RealNetworks RealPlayer Skin Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-4246
Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file that contains a web.xmb file with crafted length values. Desbordamiento de búfer basado en pila en RealNetworks RealPlayer 10, RealPlayer v10.5 6.0.12.1040 hasta v6.0.12.1741, RealPlayer 11 v11.0.0 hasta 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 y v10.1, Linux RealPlayer 10, y Helix Player v10.x, permite a atacantes remotos asistidos por usuarios locales ejecutar código de su elección a través de un fichero "skin" .RJS que contiene un fichero web.xmb con las longitudes de cadena manipuladas. This vulnerability allows remote attackers to execute code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a user must visit a malicious website or open a malicious file and accept a dialog to switch player skins. The specific flaw exists during parsing of malformed RealPlayer .RJS skin files. While loading a skin the application copies certain variable length fields from the extracted file named web.xmb into a statically sized buffer. • http://secunia.com/advisories/38218 http://securitytracker.com/id?1023489 http://service.real.com/realplayer/security/01192010_player/en http://www.securityfocus.com/archive/1/509104/100/0/threaded http://www.securityfocus.com/bid/37880 http://www.vupen.com/english/advisories/2010/0178 http://www.zerodayinitiative.com/advisories/ZDI-10-010 https://exchange.xforce.ibmcloud.com/vulnerabilities/55799 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •