CVSS: 9.3EPSS: 81%CPEs: 1EXPL: 0CVE-2009-0375
https://notcve.org/view.php?id=CVE-2009-0375
Buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a crafted Internet Video Recording (IVR) file with a filename length field containing a large integer, which triggers overwrite of an arbitrary memory location with a 0x00 byte value, related to use of RealPlayer through a Windows Explorer plugin. Archivo dll en RealNetworks RealPlayer 11, permite a atacantes remotos ejecutar código de su elección a través de un archivo Internet Video Recording (IVR) manipulado con un campo con un nombre de archivo largo que contiene un entero largo, lo que provoca la sobreescritura de una región de memoria con un valor en bytes de 0x00, relacionado con el uso de RealPlayer a través del componente de Windows Explorer. • http://secunia.com/advisories/33810 http://secunia.com/advisories/38218 http://service.real.com/realplayer/security/01192010_player/en http://www.fortiguardcenter.com/advisory/FGA-2009-04.html http://www.securityfocus.com/archive/1/500722/100/0/threaded http://www.securityfocus.com/bid/33652 http://www.vupen.com/english/advisories/2010/0178 https://exchange.xforce.ibmcloud.com/vulnerabilities/48567 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 95%CPEs: 1EXPL: 0CVE-2009-0376 – RealNetworks RealPlayer IVR Format Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-0376
Heap-based buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a crafted Internet Video Recording (IVR) file with a modified field that controls an unspecified structure length and triggers heap corruption, related to use of RealPlayer through a Windows Explorer plugin. Archivo dll en RealNetworks RealPlayer 11, permite a atacantes remotos ejecutar código de su elección a través de un archivo Internet Video Recording (IVR) manipulado con un campo modificado que controla el tamaño de una estructura sin especificar y lanza una corrupción en el montículo (heap), relacionado con el uso de RealPlayer a través del componente de Windows Explorer. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within RealPlayer's parsing of IVR files. The process trusts size values present in the file and uses them unsafely in various file I/O and memory allocation operations. • http://secunia.com/advisories/33810 http://secunia.com/advisories/38218 http://service.real.com/realplayer/security/01192010_player/en http://www.fortiguardcenter.com/advisory/FGA-2009-04.html http://www.securityfocus.com/archive/1/500722/100/0/threaded http://www.securityfocus.com/archive/1/509097/100/0/threaded http://www.securityfocus.com/bid/33652 http://www.vupen.com/english/advisories/2010/0178 http://www.zerodayinitiative.com/advisories/ZDI-10-009 https://exchange.xforce • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 95%CPEs: 4EXPL: 3CVE-2008-1309 – RealNetworks RealPlayer rmoc3260 ActiveX Control Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-1309
The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory. El control de ActiveX RealAudioObjects.RealAudio en rmoc3260.dll en RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 en versiones anteriores a build 6.0.12.1675 y RealPlayer 11 en versiones anteriores a 11.0.3 build 6.0.14.806 no gestiona adecuadamente la memoria para la propiedad (1) Console o (2) Controls, lo que permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída del navegador) a través de una serie de asignaciones de valores de cadena larga, lo que desencadena una sobrescritura de la memoria dinámica liberada. This vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must visit a malicious web site. The specific flaw exists in the rmoc3260 ActiveX control exposed through the following CLSIDs: CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA 0FDF6D6B-D672-463B-846E-C6FF49109662 224E833B-2CC6-42D9-AE39-90B6A38A4FA2 2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93 3B46067C-FD87-49B6-8DDD-12F0D687035F 3B5E0503-DE28-4BE8-919C-76E0E894A3C2 44CCBCEB-BA7E-4C99-A078-9F683832D493 A1A41E11-91DB-4461-95CD-0C02327FD934 CFCDA953-8BE4-11CF-B84B-0020AFBBCCFA Specifying malicious values for the 'Controls' or 'Console' properties with a specific timing results in a memory corruption which can lead to code execution under the context of the current user. • https://www.exploit-db.com/exploits/5332 https://www.exploit-db.com/exploits/16584 http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html http://secunia.com/advisories/29315 http://service.real.com/realplayer/security/07252008_player/en http://www.kb.cert.org/vuls/id/831457 http://www.securityfocus.com/archive/1/494779/100/0/threaded http://www.securityfocus.com/bid/28157 http://www.securitytracker.com/id?1019576 http://www.securitytracker.com/id?102 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 27%CPEs: 1EXPL: 0CVE-2008-0098
https://notcve.org/view.php?id=CVE-2008-0098
Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: As of 20080103, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Desbordamiento de búfer en RealPlayer 11 build 6.0.14.748 permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados. NOTA: a día 20080103, esta averiguación no dispone de información ejecutable. Sin embargo, dado que el autor de VulnDisco Pack es un investigador reputado, a este asunto se le asigna un identificador CVE por motivos de seguimiento. • http://gleg.net/realplayer11.html http://lists.immunitysec.com/pipermail/dailydave/2008-January/004811.html http://secunia.com/advisories/28276 http://www.securityfocus.com/bid/27091 http://www.securitytracker.com/id?1019153 http://www.us-cert.gov/current/index.html#public_exploit_code_for_realplayer http://www.vupen.com/english/advisories/2008/0016 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 2%CPEs: 3EXPL: 1CVE-2007-6224
https://notcve.org/view.php?id=CVE-2007-6224
The RealNetworks RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll, as shipped with RealPlayer 11, allows remote attackers to cause a denial of service (browser crash) via a certain argument to the GetSourceTransport method. El controlador ActiveX RealNetworks RealAudioObjects.RealAudio en rmoc3260.dll, como envio con RealPlayer 11, permite a atacantes remotoso provocar denegación de servicio (caida del navegador) a través de ciertos argumentos del método GetSourceTransport. • http://securityreason.com/securityalert/3415 http://www.safehack.com/Advisory/realpdos.txt http://www.securityfocus.com/archive/1/484401/100/0/threaded http://www.securityfocus.com/bid/26660 https://exchange.xforce.ibmcloud.com/vulnerabilities/38778 • CWE-20: Improper Input Validation •