CVSS: 9.3EPSS: 75%CPEs: 2EXPL: 3CVE-2013-6877 – RealNetworks RealPlayer 16.0.3.51/16.0.2.32 - '.rmp' Version Attribute Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-6877
Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allows remote attackers to execute arbitrary code via a long string in the TRACKID element of an RMP file, a different vulnerability than CVE-2013-7260. Desbordamiento de buffer basado en memoria dinámica en RealNetworks RealPlayer 16.0.2.32 y 16.0.3.51 permite a atacantes remotos ejecutar código de forma arbitraria a través de una cadena larga en el elemento TRACKID de un archivo RMP. • https://www.exploit-db.com/exploits/30468 http://archives.neohapsis.com/archives/bugtraq/2013-12/0104.html http://packetstormsecurity.com/files/124535 http://service.real.com/realplayer/security/12202013_player/en http://www.coresecurity.com/advisories/realplayer-heap-based-buffer-overflow-vulnerability http://www.securityfocus.com/bid/64398 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 6%CPEs: 42EXPL: 0CVE-2013-4973
https://notcve.org/view.php?id=CVE-2013-4973
Stack-based buffer overflow in RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted .rmp file. Desbordamiento de búfer basado en pila en RealNetworks RealPlayer anterior a v16.0.3.51, y RealPlayer SP v1.0 hasta v1.1.5, permite a atacantes remotos ejecutar código arbitrario a través de un archivo .rmp manipulado. • http://service.real.com/realplayer/security/08232013_player/en http://www.kb.cert.org/vuls/id/246524 http://www.securityfocus.com/bid/61989 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 42EXPL: 0CVE-2013-4974
https://notcve.org/view.php?id=CVE-2013-4974
RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed RealMedia file. RealNetworks RealPlayer anterior a v16.0.3.51, y RealPlayer SP v1.0 hasta v1.1.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un archivo con formato incorrecto de RealMedia. • http://service.real.com/realplayer/security/08232013_player/en http://www.securityfocus.com/bid/61990 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 39EXPL: 1CVE-2013-3299 – RealNetworks RealPlayer - Denial of Service
https://notcve.org/view.php?id=CVE-2013-3299
RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers to cause a denial of service (resource consumption or application crash) via an HTML document containing JavaScript code that constructs a long string. RealNetworks RealPlayer v16.0.2.32 y anteriores permite a atacantes remotos provocar una denegación de servicio (por consumo de recursos o por caída de la aplicación) a través de un documento HTML que contiene código JavaScript que construye una cadena demasiado larga. Real Player versions 16.0.2.32 and below suffer from a denial of service vulnerability. • https://www.exploit-db.com/exploits/38623 http://seclists.org/bugtraq/2013/Jul/18 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 48EXPL: 0CVE-2013-1750
https://notcve.org/view.php?id=CVE-2013-1750
Heap-based buffer overflow in RealNetworks RealPlayer before 16.0.1.18 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a malformed MP4 file. Un desbordamiento de búfer basado en memoria dinámica ('heap') en RealNetworks RealPlayer anterior a v16.0.1.18 y RealPlayer SP v1.0 hasta v1.1.5 que permite a atacantes remotos ejecutar código a través de ficheros MP4 manipulados. • http://service.real.com/realplayer/security/03152013_player/en • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •