Page 21 of 102 results (0.005 seconds)

CVSS: 10.0EPSS: 95%CPEs: 13EXPL: 1

Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file. Múltiples desbordamientos de entero en la función ParseKnownType de RealNetworks RealPlayer v11.0 hasta la v11.1 y RealPlayer SP v1.0 hasta la v1.1.4 en Windows. Permite a atacantes remotos ejecutar código de su elección a través de datos (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY o (2) HX_FLV_META_AMF_TYPE_ARRAY modificados en un fichero FLV. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the module responsible for handling the FLV file format. • https://www.exploit-db.com/exploits/14992 http://secunia.com/advisories/41096 http://secunia.com/advisories/41154 http://service.real.com/realplayer/security/08262010_player/en http://www.securityfocus.com/archive/1/513383/100/0/threaded http://www.securitytracker.com/id?1024370 http://www.vupen.com/english/advisories/2010/2216 http://www.zerodayinitiative.com/advisories/ZDI-10-167 https://exchange.xforce.ibmcloud.com/vulnerabilities/61423 https://oval.cisecurity.org/repository/search • CWE-189: Numeric Errors •

CVSS: 9.3EPSS: 95%CPEs: 3EXPL: 2

Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll. Un desbordamiento de búfer en la región stack de la memoria en el Database Component en la biblioteca MPAMedia.dll en RealNetworks RealPlayer versiones 10.5 y 11 beta, y anteriores, incluyendo versión 10, RealOne Player y RealOne Player versión 2, permite a atacantes remotos ejecutar código arbitrario por medio de ciertos nombres de lista de reproducción, como es demostrado por medio del método import en el control ActiveX IERPCtl en la biblioteca ierpplug.dl. • https://www.exploit-db.com/exploits/16497 https://www.exploit-db.com/exploits/30692 http://secunia.com/advisories/27248 http://service.real.com/realplayer/security/191007_player/en http://www.infosecblog.org/2007/10/nasa-bans-ie.html http://www.kb.cert.org/vuls/id/871673 http://www.securityfocus.com/bid/26130 http://www.securitytracker.com/id?1018843 http://www.symantec.com/enterprise/security_response/weblog/2007/10/realplayer_exploit_on_the_loos.html http://www.us& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •