CVE-2014-3444 – RealPlayer - '.3gp' File Processing Memory Corruption
https://notcve.org/view.php?id=CVE-2014-3444
The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and application crash) via a malformed .3gp file. La función GetGUID en codecs/dmp4.dll en RealNetworks RealPlayer 16.0.3.51 y anteriores permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (violación de acceso a escritura y caída de aplicación) a través de un archivo .3gp malformado. Realplayer version 16.0.3.51 suffers from a memory corruption vulnerability. • https://www.exploit-db.com/exploits/39182 http://packetstormsecurity.com/files/126637 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2013-7260 – RealNetworks RealPlayer 16.0.3.51/16.0.2.32 - '.rmp' Version Attribute Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-7260
Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877. Múltiples desbordamientos de buffer basados en pila en RealNetworks RealPlayer anteriores a 17.0.4.61 en Windows, y Mac RealPlayer anteriores a 12.0.1.1738, permite a atacantes remotos ejecutar código arbitrario a través de (1) un número de versión largo o (2) una declaración de codificación larga en la declaración XML de un fichero RMP, un problema distinto al CVE-2013-6877. • https://www.exploit-db.com/exploits/30468 http://service.real.com/realplayer/security/12202013_player/en http://www.exploit-db.com/exploits/30468 http://www.kb.cert.org/vuls/id/698278 http://www.securityfocus.com/bid/64695 https://exchange.xforce.ibmcloud.com/vulnerabilities/90160 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-6877 – RealNetworks RealPlayer 16.0.3.51/16.0.2.32 - '.rmp' Version Attribute Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-6877
Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allows remote attackers to execute arbitrary code via a long string in the TRACKID element of an RMP file, a different vulnerability than CVE-2013-7260. Desbordamiento de buffer basado en memoria dinámica en RealNetworks RealPlayer 16.0.2.32 y 16.0.3.51 permite a atacantes remotos ejecutar código de forma arbitraria a través de una cadena larga en el elemento TRACKID de un archivo RMP. • https://www.exploit-db.com/exploits/30468 http://archives.neohapsis.com/archives/bugtraq/2013-12/0104.html http://packetstormsecurity.com/files/124535 http://service.real.com/realplayer/security/12202013_player/en http://www.coresecurity.com/advisories/realplayer-heap-based-buffer-overflow-vulnerability http://www.securityfocus.com/bid/64398 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-4973
https://notcve.org/view.php?id=CVE-2013-4973
Stack-based buffer overflow in RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted .rmp file. Desbordamiento de búfer basado en pila en RealNetworks RealPlayer anterior a v16.0.3.51, y RealPlayer SP v1.0 hasta v1.1.5, permite a atacantes remotos ejecutar código arbitrario a través de un archivo .rmp manipulado. • http://service.real.com/realplayer/security/08232013_player/en http://www.kb.cert.org/vuls/id/246524 http://www.securityfocus.com/bid/61989 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-4974
https://notcve.org/view.php?id=CVE-2013-4974
RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed RealMedia file. RealNetworks RealPlayer anterior a v16.0.3.51, y RealPlayer SP v1.0 hasta v1.1.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un archivo con formato incorrecto de RealMedia. • http://service.real.com/realplayer/security/08232013_player/en http://www.securityfocus.com/bid/61990 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •