CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2008-3064
https://notcve.org/view.php?id=CVE-2008-3064
Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 has unknown impact and attack vectors, probably related to accessing local files, aka a "Local resource reference vulnerability." Vulnerabilidad sin especificar en RealNetworks RealPlayer Enterprise, RealPlayer 10, y RealPlayer 10.5 anterior a la build 6.0.12.1675 tiene un impacto y vectores de ataque desconocidos, probablemente relacionados con el acceso a archivos locales, también conocida como "vulnerabilidad de referencia a un recurso local". • http://service.real.com/realplayer/security/07252008_player/en http://www.securityfocus.com/archive/1/494934/100/0/threaded http://www.securityfocus.com/bid/30378 http://www.securitytracker.com/id?1020564 http://www.vupen.com/english/advisories/2008/2194/references https://exchange.xforce.ibmcloud.com/vulnerabilities/44014 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 77%CPEs: 3EXPL: 0CVE-2007-5400 – RealPlayer: SWF Frame Handling Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-5400
Heap-based buffer overflow in the Shockwave Flash (SWF) frame handling in RealNetworks RealPlayer 10.5 Build 6.0.12.1483 might allow remote attackers to execute arbitrary code via a crafted SWF file. Desbordamiento de búfer basado en montículo en el manejador de ventanas (SWF) en RealNetworks RealPlayer 10.5 Build 6.0.12.1483, puede permitir a atacantes remotos ejecutar código de su elección a través de un archivo SWF manipulado. • http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://secunia.com/advisories/27620 http://secunia.com/advisories/31321 http://secunia.com/advisories/35416 http://secunia.com/secunia_research/2007-93/advisory http://securityreason.com/securityalert/4048 http://service.real.com/realplayer/security/07252008_player/en http://www.kb.cert.org/vuls/id/298651 http://www.redhat.com/support/errata/RHSA-2008-0812.html http://www.securityfocus.com/archive/1/494749& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 95%CPEs: 2EXPL: 0CVE-2008-3066 – RealNetworks RealPlayer Library File Deletion Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-3066
Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 allows remote attackers to execute arbitrary code by importing a file into a media library and then deleting this file. Desbordamiento de búfer basado en pila en ciertos controles ActiveX en rjbdll.dll en RealNetworks RealPlayer Enterprise, RealPlayer 10, y RealPlayer 10.5 anterior a la build 6.0.12.1675, permite a atacantes remotos ejecutar código de su elección importando un archivo a una librería de medios y posteriormente eliminando el mencionado archivo. This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in RealPlayer's rjbdll.dll module when handling the deletion of media library files. An attacker could exploit this vulnerability using an ActiveX control {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} to import a vulnerable file into the user's media library. • http://securitytracker.com/id?1020565 http://service.real.com/realplayer/security/07252008_player/en http://www.kb.cert.org/vuls/id/461187 http://www.securityfocus.com/archive/1/494778/100/0/threaded http://www.securityfocus.com/bid/30376 http://www.securityfocus.com/bid/30379 http://www.vupen.com/english/advisories/2008/2194/references http://www.zerodayinitiative.com/advisories/ZDI-08-046 https://exchange.xforce.ibmcloud.com/vulnerabilities/44013 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 95%CPEs: 4EXPL: 3CVE-2008-1309 – RealNetworks RealPlayer rmoc3260 ActiveX Control Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-1309
The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory. El control de ActiveX RealAudioObjects.RealAudio en rmoc3260.dll en RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 en versiones anteriores a build 6.0.12.1675 y RealPlayer 11 en versiones anteriores a 11.0.3 build 6.0.14.806 no gestiona adecuadamente la memoria para la propiedad (1) Console o (2) Controls, lo que permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída del navegador) a través de una serie de asignaciones de valores de cadena larga, lo que desencadena una sobrescritura de la memoria dinámica liberada. This vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must visit a malicious web site. The specific flaw exists in the rmoc3260 ActiveX control exposed through the following CLSIDs: CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA 0FDF6D6B-D672-463B-846E-C6FF49109662 224E833B-2CC6-42D9-AE39-90B6A38A4FA2 2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93 3B46067C-FD87-49B6-8DDD-12F0D687035F 3B5E0503-DE28-4BE8-919C-76E0E894A3C2 44CCBCEB-BA7E-4C99-A078-9F683832D493 A1A41E11-91DB-4461-95CD-0C02327FD934 CFCDA953-8BE4-11CF-B84B-0020AFBBCCFA Specifying malicious values for the 'Controls' or 'Console' properties with a specific timing results in a memory corruption which can lead to code execution under the context of the current user. • https://www.exploit-db.com/exploits/5332 https://www.exploit-db.com/exploits/16584 http://lists.grok.org.uk/pipermail/full-disclosure/2008-March/060659.html http://secunia.com/advisories/29315 http://service.real.com/realplayer/security/07252008_player/en http://www.kb.cert.org/vuls/id/831457 http://www.securityfocus.com/archive/1/494779/100/0/threaded http://www.securityfocus.com/bid/28157 http://www.securitytracker.com/id?1019576 http://www.securitytracker.com/id?102 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 27%CPEs: 1EXPL: 0CVE-2008-0098
https://notcve.org/view.php?id=CVE-2008-0098
Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: As of 20080103, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Desbordamiento de búfer en RealPlayer 11 build 6.0.14.748 permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados. NOTA: a día 20080103, esta averiguación no dispone de información ejecutable. Sin embargo, dado que el autor de VulnDisco Pack es un investigador reputado, a este asunto se le asigna un identificador CVE por motivos de seguimiento. • http://gleg.net/realplayer11.html http://lists.immunitysec.com/pipermail/dailydave/2008-January/004811.html http://secunia.com/advisories/28276 http://www.securityfocus.com/bid/27091 http://www.securitytracker.com/id?1019153 http://www.us-cert.gov/current/index.html#public_exploit_code_for_realplayer http://www.vupen.com/english/advisories/2008/0016 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •