CVSS: 5.0EPSS: 88%CPEs: 5EXPL: 3CVE-2009-2534 – Real Helix DNA - 'RTSP' / 'SETUP' Request Handler
https://notcve.org/view.php?id=CVE-2009-2534
RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allow remote attackers to cause a denial of service (daemon crash) via an RTSP SETUP request that (1) specifies the / URI or (2) lacks a / character in the URI. RealNetworks Helix Server y Helix Mobile Server anterior a v13.0.0 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) mediante una petición RTSP SETUP (1) especificando la URI / o (2) no poniendo los caracteres / en la URI. • https://www.exploit-db.com/exploits/9198 http://docs.real.com/docs/security/SecurityUpdate071409HS.pdf http://osvdb.org/55982 http://www.coresecurity.com/content/real-helix-dna http://www.exploit-db.com/exploits/9198 http://www.securityfocus.com/archive/1/505083/100/0/threaded http://www.securityfocus.com/bid/35732 http://www.vupen.com/english/advisories/2009/1947 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 81%CPEs: 1EXPL: 0CVE-2009-0375
https://notcve.org/view.php?id=CVE-2009-0375
Buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a crafted Internet Video Recording (IVR) file with a filename length field containing a large integer, which triggers overwrite of an arbitrary memory location with a 0x00 byte value, related to use of RealPlayer through a Windows Explorer plugin. Archivo dll en RealNetworks RealPlayer 11, permite a atacantes remotos ejecutar código de su elección a través de un archivo Internet Video Recording (IVR) manipulado con un campo con un nombre de archivo largo que contiene un entero largo, lo que provoca la sobreescritura de una región de memoria con un valor en bytes de 0x00, relacionado con el uso de RealPlayer a través del componente de Windows Explorer. • http://secunia.com/advisories/33810 http://secunia.com/advisories/38218 http://service.real.com/realplayer/security/01192010_player/en http://www.fortiguardcenter.com/advisory/FGA-2009-04.html http://www.securityfocus.com/archive/1/500722/100/0/threaded http://www.securityfocus.com/bid/33652 http://www.vupen.com/english/advisories/2010/0178 https://exchange.xforce.ibmcloud.com/vulnerabilities/48567 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 95%CPEs: 1EXPL: 0CVE-2009-0376 – RealNetworks RealPlayer IVR Format Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-0376
Heap-based buffer overflow in a DLL file in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to execute arbitrary code via a crafted Internet Video Recording (IVR) file with a modified field that controls an unspecified structure length and triggers heap corruption, related to use of RealPlayer through a Windows Explorer plugin. Archivo dll en RealNetworks RealPlayer 11, permite a atacantes remotos ejecutar código de su elección a través de un archivo Internet Video Recording (IVR) manipulado con un campo modificado que controla el tamaño de una estructura sin especificar y lanza una corrupción en el montículo (heap), relacionado con el uso de RealPlayer a través del componente de Windows Explorer. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within RealPlayer's parsing of IVR files. The process trusts size values present in the file and uses them unsafely in various file I/O and memory allocation operations. • http://secunia.com/advisories/33810 http://secunia.com/advisories/38218 http://service.real.com/realplayer/security/01192010_player/en http://www.fortiguardcenter.com/advisory/FGA-2009-04.html http://www.securityfocus.com/archive/1/500722/100/0/threaded http://www.securityfocus.com/archive/1/509097/100/0/threaded http://www.securityfocus.com/bid/33652 http://www.vupen.com/english/advisories/2010/0178 http://www.zerodayinitiative.com/advisories/ZDI-10-009 https://exchange.xforce • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 54%CPEs: 4EXPL: 0CVE-2008-5911
https://notcve.org/view.php?id=CVE-2008-5911
Multiple buffer overflows in RealNetworks Helix Server and Helix Mobile Server 11.x before 11.1.8 and 12.x before 12.0.1 allow remote attackers to (1) cause a denial of service via three crafted RTSP SETUP commands, or execute arbitrary code via (2) an NTLM authentication request with malformed base64-encoded data, (3) an RTSP DESCRIBE command, or (4) a DataConvertBuffer request. Múltiples desbordamientos de búfer en RealNetworks Helix Server y Helix Mobile Server v11.x anteriores a v11.1.8 y v12.x anteriores a v12.0.1 permite a atacantes remotos (1) provocar una denegación de servicio a través de tres comandos manipulados RTSP SETUP, o ejecutar código de su elección a través de (2) una petición de autenticación NTLM con datos malformados codificados en base64, (3) un comando RTSP DESCRIBE, o (4) una petición DataConvertBuffer. • http://docs.real.com/docs/security/SecurityUpdate121508HS.pdf http://secunia.com/advisories/33360 http://www.securitytracker.com/id?1021498 http://www.securitytracker.com/id?1021499 http://www.securitytracker.com/id?1021500 http://www.securitytracker.com/id?1021501 http://www.vupen.com/english/advisories/2008/3521 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2008-3064
https://notcve.org/view.php?id=CVE-2008-3064
Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 has unknown impact and attack vectors, probably related to accessing local files, aka a "Local resource reference vulnerability." Vulnerabilidad sin especificar en RealNetworks RealPlayer Enterprise, RealPlayer 10, y RealPlayer 10.5 anterior a la build 6.0.12.1675 tiene un impacto y vectores de ataque desconocidos, probablemente relacionados con el acceso a archivos locales, también conocida como "vulnerabilidad de referencia a un recurso local". • http://service.real.com/realplayer/security/07252008_player/en http://www.securityfocus.com/archive/1/494934/100/0/threaded http://www.securityfocus.com/bid/30378 http://www.securitytracker.com/id?1020564 http://www.vupen.com/english/advisories/2008/2194/references https://exchange.xforce.ibmcloud.com/vulnerabilities/44014 • CWE-264: Permissions, Privileges, and Access Controls •