Page 21 of 164 results (0.005 seconds)

CVSS: 9.3EPSS: 40%CPEs: 13EXPL: 0

RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content. RealNetworks RealPlayer v11.0 hasta la v11.1 y RealPlayer SP v1.0 hasta la v1.1.4 en Windows no maneja apropiadamente las dimensiones durante las transformaciones YUV420, lo que puede permitir a atacantes remotos ejecutar código de su elección a través de contenidos MP4 modificados. • http://secunia.com/advisories/41096 http://secunia.com/advisories/41154 http://secunia.com/secunia_research/2010-5 http://service.real.com/realplayer/security/08262010_player/en http://www.securitytracker.com/id?1024370 http://www.vupen.com/english/advisories/2010/2216 https://exchange.xforce.ibmcloud.com/vulnerabilities/61421 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7169 •

CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0

Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectors. Vulnerabilidad sin especificar en RealNetworks RealPlayer v11.0 hasta la v11.1. Permite a atacantes evitar las restricciones de acceso previstas en ficheros a través de vectores de ataque desconocidos. • http://secunia.com/advisories/41154 http://service.real.com/realplayer/security/08262010_player/en http://www.securitytracker.com/id?1024370 http://www.vupen.com/english/advisories/2010/2216 https://exchange.xforce.ibmcloud.com/vulnerabilities/61426 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7227 •

CVSS: 10.0EPSS: 52%CPEs: 3EXPL: 0

Array index error in RealNetworks RealPlayer 11.0 through 11.1 on Windows allows remote attackers to execute arbitrary code via a malformed header in a RealMedia .IVR file. Error de índice de array en RealNetworks RealPlayer v11.0 hasta la v11.1 en Windows. Permite a atacantes remotos ejecutar código de su elección a través de cabeceras mal formadas en un fichero RealMedia .IVR. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when parsing a RealMedia .IVR file containing a malformed data header. • http://secunia.com/advisories/41154 http://service.real.com/realplayer/security/08262010_player/en http://www.securityfocus.com/archive/1/513381/100/0/threaded http://www.securitytracker.com/id?1024370 http://www.vupen.com/english/advisories/2010/2216 http://www.zerodayinitiative.com/advisories/ZDI-10-166 https://exchange.xforce.ibmcloud.com/vulnerabilities/61425 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6703 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0EPSS: 95%CPEs: 13EXPL: 1

Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file. Múltiples desbordamientos de entero en la función ParseKnownType de RealNetworks RealPlayer v11.0 hasta la v11.1 y RealPlayer SP v1.0 hasta la v1.1.4 en Windows. Permite a atacantes remotos ejecutar código de su elección a través de datos (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY o (2) HX_FLV_META_AMF_TYPE_ARRAY modificados en un fichero FLV. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the module responsible for handling the FLV file format. • https://www.exploit-db.com/exploits/14992 http://secunia.com/advisories/41096 http://secunia.com/advisories/41154 http://service.real.com/realplayer/security/08262010_player/en http://www.securityfocus.com/archive/1/513383/100/0/threaded http://www.securitytracker.com/id?1024370 http://www.vupen.com/english/advisories/2010/2216 http://www.zerodayinitiative.com/advisories/ZDI-10-167 https://exchange.xforce.ibmcloud.com/vulnerabilities/61423 https://oval.cisecurity.org/repository/search • CWE-189: Numeric Errors •

CVSS: 9.3EPSS: 10%CPEs: 23EXPL: 0

Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request. Un desbordamiento de búfer en la función RTSPProtocol::HandleSetParameterRequest en el archivo client/core/rtspprotocol.cpp en RealPlayer versión 10, RealPlayer versiones 10,5 6.0.12.1040 hasta 6.0.12.1741, RealPlayer versiones 11 11.0.0 hasta 11.0.4, RealPlayer Enterprise, Mac RealPlayer versiones 10 y 10.1, Linux RealPlayer versión 10, y Helix Player versiones 10.x, de RealNetworks, permite a los atacantes remotos causar una denegación de servicio (bloqueo de la aplicación) o posiblemente ejecutar código arbitrario por medio de una petición RTSP SET_PARAMETER especialmente diseñada. • http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003756.html http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003759.html http://lists.helixcommunity.org/pipermail/client-dev/2008-January/004591.html http://secunia.com/advisories/38218 http://secunia.com/advisories/38450 http://securitytracker.com/id?1023489 http://service.real.com/realplayer/security/01192010_player/en http://www.redhat.com/support/errata/RHSA-2010-0094.html http://www.securityfocus.com/bid/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •