CVE-2010-4391 – RealNetworks RealPlayer RMX Header Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4391
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allows remote attackers to execute arbitrary code via a crafted value in an unspecified header field in an RMX file. Desbordamiento de búfer basado en montón en RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.1.5, RealPlayer Enterprise v2.1.2 y v2.1.3, permite a atacantes remotos ejecutar código de su elección a través de un valor manipuado en un campo de cabecera no especificado de un archivo RMX. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the applications support for parsing the RMX file format. When parsing the format, the application will explicitly trust 32-bits in a field used in the header for the allocation of an array. • http://osvdb.org/69851 http://service.real.com/realplayer/security/12102010_player/en http://www.securitytracker.com/id?1024861 http://www.zerodayinitiative.com/advisories/ZDI-10-281 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-4389 – RealNetworks RealPlayer Cook Codec Initialization Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4389
Heap-based buffer overflow in the cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via unspecified data in the initialization buffer. Desbordamiento de buffer basado en montón en el codec cook de RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.1.5, y Linux RealPlayer v11.0.2.1744, permite a atacantes remotos ejecutar código de su elección a través de datos no especificados en la inicialización del buffer. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses cook-specific data used for initialization. The application will use a length in a copy without verifying it being larger than the destination buffer. • http://osvdb.org/69849 http://service.real.com/realplayer/security/12102010_player/en http://www.securitytracker.com/id?1024861 http://www.zerodayinitiative.com/advisories/ZDI-10-279 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-4375 – RealNetworks RealPlayer Multi-Rate Audio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4375
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via malformed multi-rate data in an audio stream. Desbordamiento de buffer bastado en el montón en RealNetworks RealPlayer v11.0 hasta v11.1, Mac RealPlayer v11.0 hasta v12.0.0.1444, y Linux RealPlayer v11.0.2.1744, permite a atacantes remotos ejecutar código de su elección a través de datos multi ratio mal formados en una corriente de audio. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing a RealMedia file containing a malformed multi-rate audio stream. The application explicitly trusts two 16-bit values in this data structure which are then used to calculate the size used for an allocation. • http://service.real.com/realplayer/security/12102010_player/en http://www.redhat.com/support/errata/RHSA-2010-0981.html http://www.securitytracker.com/id?1024861 http://www.zerodayinitiative.com/advisories/ZDI-10-266 https://access.redhat.com/security/cve/CVE-2010-4375 https://bugzilla.redhat.com/show_bug.cgi?id=662772 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-4395 – RealNetworks RealPlayer Advanced Audio Coding Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4395
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a crafted conditional component in AAC frame data. Desbordamiento de buffer basado en montón en RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.1.5, y Linux RealPlayer v11.0.2.1744, permite a atacantes remotos ejecutar código de su elección a través de un componente condicional en una trama de datos AAC This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of the Advanced Audio Coding compression format. When decoding a conditional component of a data block within an AAC frame the application will decompress lossy audio sample data outside the bounds of a buffer. This memory corruption can lead to code execution under the context of the application. • http://osvdb.org/69854 http://service.real.com/realplayer/security/12102010_player/en http://www.securitytracker.com/id?1024861 http://www.zerodayinitiative.com/advisories/ZDI-10-267 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-4396 – RealNetworks RealPlayer Cross-Zone Scripting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4396
Cross-zone scripting vulnerability in the HandleAction method in a certain ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 allows remote attackers to inject arbitrary web script or HTML in the Local Zone by specifying a local file in a NavigateToURL action, as demonstrated by a local skin file. Vulnerabilidad de secuencias de comandos en zonas cruzadas en el método HandleAction en control ActiveX en RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.1.5, y RealPlayer Enterprise v2.1.2, permite a atacantes remotos inyectar código web o HTML de su elección en "Local Zone" especificando un archivo local en una acción NavigateToURL, como se demostró con un archivo local de "skin" This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is requires in that a target must navigate to a malicious page. The specific flaw exists within the HandleAction method of the RealPlayer ActiveX control with CLSID FDC7A535-4070-4B92-A0EA-D9994BCC0DC5. The vulnerable action that can be invoked via this control is NavigateToURL. If NavigateToURL can be pointed to a controlled file on the user's system, RealPlayer can be made to execute scripts in the Local Zone. • http://osvdb.org/69855 http://service.real.com/realplayer/security/12102010_player/en http://www.securitytracker.com/id?1024861 http://www.zerodayinitiative.com/advisories/ZDI-10-275 • CWE-20: Improper Input Validation •