CVSS: 9.3EPSS: 0%CPEs: 17EXPL: 0CVE-2010-2578
https://notcve.org/view.php?id=CVE-2010-2578
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via a crafted QCP file. Desbordamiento de buffer basado en pila en RealNetworks RealPlayer v11.0 hasta la v11.1, RealPlayer SP 1.0 hasta la v1.1.4, y RealPlayer Enterprise v2.1.2 permite a atacantes remotos tener un impacto sin especificar a través de un fichero QCP modificado. • http://service.real.com/realplayer/security/10152010_player/en http://www.securityfocus.com/bid/44144 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 17EXPL: 0CVE-2010-3748
https://notcve.org/view.php?id=CVE-2010-3748
Stack-based buffer overflow in the RichFX component in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via unknown vectors. Desbordamiento de buffer basado en pila en el componente RichFX de RealNetworks RealPlayer v11.0 hasta la v11.1, RealPlayer SP 1.0 hasta la v1.1.4, y RealPlayer Enterprise v2.1.2 permite a atacantes remotos provocar una impacto sin determinar a través de vectores desconocidos. • http://service.real.com/realplayer/security/10152010_player/en http://www.securityfocus.com/bid/44144 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 18%CPEs: 16EXPL: 0CVE-2010-3751 – RealNetworks RealPlayer Multiple Protocol Handlers Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3751
Multiple heap-based buffer overflows in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 allow remote attackers to execute arbitrary code via a long .smil argument to the (1) tfile, (2) pnmm, or (3) cdda protocol handler. Múltiples desbordamientos de buffer de memoria dinámica en un control ActiveX de RealNetworks RealPlayer v11.0 hasta la v11.1 y RealPlayer SP 1.0 hasta la v1.1.4 permiten a atacantes remotos ejecutar código de su elección a través de un argumento .smil extenso al manejador del protocolo (1) tfile, (2) pnmm, o (3) cdda. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the RealPlayer ActiveX control. This module is responsible for handling the tfile, pnmm, cdda, protocol handlers. • http://service.real.com/realplayer/security/10152010_player/en http://www.securityfocus.com/bid/44144 http://www.zerodayinitiative.com/advisories/ZDI-10-213 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 95%CPEs: 17EXPL: 1CVE-2010-3747 – RealNetworks RealPlayer ActiveX Control CDDA URI Uninitialized Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3747
An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during parsing of a CDDA URI, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and application crash) via a long URI. Un control ActiveX en RealNetworks RealPlayer v11.0 hasta la v11.1, RealPlayer SP v1.0 hasta la v1.1.4, y RealPlayer Enterprise v2.1.2 no inicializa apropiadamente un componente objeto sin especificar durante el parseo de una URI CDDA, lo que permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (resolución de puntero sin inicializar y caída de la aplicación) a través de una URI extensa. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the parsing of long CDDA URIs due to a failure to initialize a particular component of an object. The application will later call a method in the object leading to the uninitialized pointer being called. • https://www.exploit-db.com/exploits/16998 http://securityreason.com/securityalert/8147 http://service.real.com/realplayer/security/10152010_player/en http://www.securityfocus.com/bid/44144 http://www.zerodayinitiative.com/advisories/ZDI-10-210 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 12%CPEs: 9EXPL: 0CVE-2010-2998 – RealNetworks RealPlayer Malformed IVR Pointer Index Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2998
Array index error in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.0.1 allows remote attackers to execute arbitrary code via malformed sample data in a RealMedia .IVR file, related to a "malformed IVR pointer index" issue. Error de índice de array en RealNetworks RealPlayer v11.0 hasta la v11.1 y RealPlayer SP 1.0 hasta la v1.0.1 permite a atacantes remotos ejecutar código de su elección a través de datos de muestra mal formados en un fichero RealMedia .IVR. Relacionado con un problema de "índice de puntero IVR mal formado". This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing a RealMedia .IVR file containing malformed sample data. • http://service.real.com/realplayer/security/10152010_player/en http://www.securityfocus.com/bid/44144 http://www.zerodayinitiative.com/advisories/ZDI-10-209 • CWE-20: Improper Input Validation •