CVE-2003-0726 – RealOne Player 1.0/2.0/6.0.10/6.0.11 - '.SMIL' File Script Execution
https://notcve.org/view.php?id=CVE-2003-0726
RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag. • https://www.exploit-db.com/exploits/23043 http://securitytracker.com/id?1007532 http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html http://www.securityfocus.com/archive/1/335293 http://www.securityfocus.com/bid/8453 http://www.service.real.com/help/faq/security/securityupdate_august2003.html https://exchange.xforce.ibmcloud.com/vulnerabilities/13028 •
CVE-2003-0141
https://notcve.org/view.php?id=CVE-2003-0141
The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length. • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html http://marc.info/?l=bugtraq&m=104887465427579&w=2 http://www.coresecurity.com/common/showdoc.php?idx=311&idxseccion=10 http://www.kb.cert.org/vuls/id/705761 http://www.securityfocus.com/bid/7177 •
CVE-2002-1015
https://notcve.org/view.php?id=CVE-2002-1015
RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers. • http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.html http://service.real.com/help/faq/security/bufferoverrun07092002.html http://www.iss.net/security_center/static/9539.php http://www.kb.cert.org/vuls/id/888547 http://www.securityfocus.com/bid/5210 •
CVE-2002-1014 – Real Networks RealJukebox 1.0.2/RealOne 6.0.10 Player Gold - Skinfile Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-1014
Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image. • https://www.exploit-db.com/exploits/21615 http://archives.neohapsis.com/archives/bugtraq/2002-07/0127.html http://service.real.com/help/faq/security/bufferoverrun07092002.html http://www.iss.net/security_center/static/9538.php http://www.kb.cert.org/vuls/id/843667 http://www.securityfocus.com/bid/5217 •
CVE-2002-0207 – RealPlayer 7.0/8.0 - Media File Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-0207
Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header. Desbordamiento del búfer en la aplicación Real Networks RealPlayer 8.0 y versiones anteriores, permite a atacantes remotos ejecutar código arbitrario usando un valor de longitud de cabecera que excede la longitud actual de cabecera. • https://www.exploit-db.com/exploits/21207 http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0044.html http://online.securityfocus.com/archive/1/252414 http://online.securityfocus.com/archive/1/252425 http://sentinelchicken.com/advisories/realplayer http://www.iss.net/security_center/static/7839.php http://www.securityfocus.com/bid/3809 •