Page 2 of 173 results (0.011 seconds)

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file. Manejo incorrecto de un fragmento VRAT repetido en qcpfformat.dll permite a atacantes provocar una referencia a un puntero nulo y caída en RealNetworks RealPlayer 18.1.5.705 mediante un archivo multimedia .QCP manipulado. • https://www.exploit-db.com/exploits/40617 http://www.securityfocus.com/bid/94239 • CWE-476: NULL Pointer Dereference •

CVSS: 9.3EPSS: 3%CPEs: 2EXPL: 0

Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 allow remote attackers to execute arbitrary code via a malformed (1) elst or (2) stsz atom in an MP4 file. Múltiples desbordamientos de buffer en RealNetworks RealPlayer anterior a 17.0.10.8 permiten a atacantes remotos ejecutar código arbitrario a través de un átomo (1) elst or (2) stsz malformado en un fichero MP4. • http://secunia.com/advisories/59238 http://service.real.com/realplayer/security/06272014_player/en http://www.fortiguard.com/advisory/RealNetworks-RealPlayer-Memory-Corruption http://www.securitytracker.com/id/1030524 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 3%CPEs: 5EXPL: 2

The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and application crash) via a malformed .3gp file. La función GetGUID en codecs/dmp4.dll en RealNetworks RealPlayer 16.0.3.51 y anteriores permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (violación de acceso a escritura y caída de aplicación) a través de un archivo .3gp malformado. Realplayer version 16.0.3.51 suffers from a memory corruption vulnerability. • https://www.exploit-db.com/exploits/39182 http://packetstormsecurity.com/files/126637 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 96%CPEs: 50EXPL: 2

Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877. Múltiples desbordamientos de buffer basados en pila en RealNetworks RealPlayer anteriores a 17.0.4.61 en Windows, y Mac RealPlayer anteriores a 12.0.1.1738, permite a atacantes remotos ejecutar código arbitrario a través de (1) un número de versión largo o (2) una declaración de codificación larga en la declaración XML de un fichero RMP, un problema distinto al CVE-2013-6877. • https://www.exploit-db.com/exploits/30468 http://service.real.com/realplayer/security/12202013_player/en http://www.exploit-db.com/exploits/30468 http://www.kb.cert.org/vuls/id/698278 http://www.securityfocus.com/bid/64695 https://exchange.xforce.ibmcloud.com/vulnerabilities/90160 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 75%CPEs: 2EXPL: 3

Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allows remote attackers to execute arbitrary code via a long string in the TRACKID element of an RMP file, a different vulnerability than CVE-2013-7260. Desbordamiento de buffer basado en memoria dinámica en RealNetworks RealPlayer 16.0.2.32 y 16.0.3.51 permite a atacantes remotos ejecutar código de forma arbitraria a través de una cadena larga en el elemento TRACKID de un archivo RMP. • https://www.exploit-db.com/exploits/30468 http://archives.neohapsis.com/archives/bugtraq/2013-12/0104.html http://packetstormsecurity.com/files/124535 http://service.real.com/realplayer/security/12202013_player/en http://www.coresecurity.com/advisories/realplayer-heap-based-buffer-overflow-vulnerability http://www.securityfocus.com/bid/64398 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •