CVSS: 7.5EPSS: 24%CPEs: 2EXPL: 2CVE-2010-0416 – Helix Player 11.0.2 - Encoded URI Processing Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-0416
Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits. Desbordamiento de búfer en la función Unescape en common/util/hxurl.cpp y player/hxclientkit/src/CHXClientSink.cpp en Helix Player v1.0.6 y RealPlayer, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente la ejecución de código de su elección a través de un argumento URL que contiene caracteres de % (porcentaje) que no están seguidos por dos dígitos hexadecimales. • https://www.exploit-db.com/exploits/33620 http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html http://secunia.com/advisories/38450 http://www.redhat.com/support/errata/RHSA-2010-0094.html https://bugzilla.redhat.com/show_bug.cgi?id=561856 https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847 https://access.redhat.com/security/cve/CVE-2010&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 10%CPEs: 23EXPL: 0CVE-2009-4248 – RealPlayer: RTSP SET_PARAMETER buffer overflow
https://notcve.org/view.php?id=CVE-2009-4248
Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request. Un desbordamiento de búfer en la función RTSPProtocol::HandleSetParameterRequest en el archivo client/core/rtspprotocol.cpp en RealPlayer versión 10, RealPlayer versiones 10,5 6.0.12.1040 hasta 6.0.12.1741, RealPlayer versiones 11 11.0.0 hasta 11.0.4, RealPlayer Enterprise, Mac RealPlayer versiones 10 y 10.1, Linux RealPlayer versión 10, y Helix Player versiones 10.x, de RealNetworks, permite a los atacantes remotos causar una denegación de servicio (bloqueo de la aplicación) o posiblemente ejecutar código arbitrario por medio de una petición RTSP SET_PARAMETER especialmente diseñada. • http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003756.html http://lists.helixcommunity.org/pipermail/client-cvs/2008-January/003759.html http://lists.helixcommunity.org/pipermail/client-dev/2008-January/004591.html http://secunia.com/advisories/38218 http://secunia.com/advisories/38450 http://securitytracker.com/id?1023489 http://service.real.com/realplayer/security/01192010_player/en http://www.redhat.com/support/errata/RHSA-2010-0094.html http://www.securityfocus.com/bid/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 23EXPL: 0CVE-2009-4243
https://notcve.org/view.php?id=CVE-2009-4243
RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to have an unspecified impact via a crafted media file that uses HTTP chunked transfer coding, related to an "overflow." RealNetworks RealPlayer 10, RealPlayer v10.5 6.0.12.1040 hasta v6.0.12.1741, RealPlayer 11 v11.0.0 hasta v11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 y v10.1, Linux RealPlayer 10, y Helix Player v10.x, permite a atacantes remotos tener un impacto no especificado a través de un fichero de contenido multimedia que utilice codificación de transferencia fragmentada, relacionado con un desbordamiento. • http://osvdb.org/61967 http://secunia.com/advisories/38218 http://securitytracker.com/id?1023489 http://service.real.com/realplayer/security/01192010_player/en http://www.securityfocus.com/bid/37880 http://www.vupen.com/english/advisories/2010/0178 https://exchange.xforce.ibmcloud.com/vulnerabilities/55796 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 10%CPEs: 23EXPL: 0CVE-2009-4245 – RealPlayer: compressed GIF heap overflow
https://notcve.org/view.php?id=CVE-2009-4245
Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a compressed GIF file, related to gifcodec.cpp and gifimage.cpp. Desbordamiento de búfer basado en memoria dinámica en RealNetworks RealPlayer 10, RealPlayer v10.5 6.0.12.1040 hasta v6.0.12.1741, RealPlayer 11 v11.0.0 hasta v11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 y v10.1, Linux RealPlayer 10, y Helix Player v10.x, permite a atacantes remotos tener un impacto no especificado a través de una imagen GIF comprimida. • http://lists.helixcommunity.org/pipermail/datatype-cvs/2008-July/008455.html http://osvdb.org/61969 http://secunia.com/advisories/38218 http://secunia.com/advisories/38450 http://securitytracker.com/id?1023489 http://service.real.com/realplayer/security/01192010_player/en http://www.redhat.com/support/errata/RHSA-2010-0094.html http://www.securityfocus.com/bid/37880 http://www.vupen.com/english/advisories/2010/0178 https://bugzilla.redhat.com/show_bug.cgi?id=561441 https:/&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 10%CPEs: 23EXPL: 0CVE-2009-4247 – RealPlayer: RTSP client ASM RuleBook stack buffer overflow
https://notcve.org/view.php?id=CVE-2009-4247
Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x, 11.0.0, and 11.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an ASM RuleBook with a large number of rules, related to an "array overflow." Un desbordamiento de búfer en la región stack de la memoria en el archivo protocol/rtsp/rtspclnt.cpp en RealPlayer versión 10; RealPlayer versiones 10.5 6.0.12.1040 hasta 6.0.12.1741; RealPlayer versiones 11 11.0.x; RealPlayer SP versiones 1.0.0 y 1.0.1; RealPlayer Enterprise; Mac RealPlayer versiones 10, 10.1, 11.0 y 11.0.1; Linux RealPlayer versiones 10, 11.0.0 y 11.0.1; y Helix Player versiones 10.x, 11.0.0 y 11.0.1 de RealNetworks, permite a los atacantes remotos causar una denegación de servicio (bloqueo de aplicación) o posiblemente ejecutar código arbitrario por medio de un Reglamento ASM con un gran número de reglas, relacionadas con un "array overflow" • http://lists.helixcommunity.org/pipermail/helix-client-dev/2009-August/008092.html http://lists.helixcommunity.org/pipermail/protocol-cvs/2009-August/001943.html http://secunia.com/advisories/38218 http://secunia.com/advisories/38450 http://securitytracker.com/id?1023489 http://service.real.com/realplayer/security/01192010_player/en http://www.redhat.com/support/errata/RHSA-2010-0094.html http://www.securityfocus.com/bid/37880 http://www.vupen.com/english/advisories/2010/0178 https:/&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •