CVE-2009-4246 – RealNetworks RealPlayer Skin Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-4246
Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file that contains a web.xmb file with crafted length values. Desbordamiento de búfer basado en pila en RealNetworks RealPlayer 10, RealPlayer v10.5 6.0.12.1040 hasta v6.0.12.1741, RealPlayer 11 v11.0.0 hasta 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 y v10.1, Linux RealPlayer 10, y Helix Player v10.x, permite a atacantes remotos asistidos por usuarios locales ejecutar código de su elección a través de un fichero "skin" .RJS que contiene un fichero web.xmb con las longitudes de cadena manipuladas. This vulnerability allows remote attackers to execute code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a user must visit a malicious website or open a malicious file and accept a dialog to switch player skins. The specific flaw exists during parsing of malformed RealPlayer .RJS skin files. While loading a skin the application copies certain variable length fields from the extracted file named web.xmb into a statically sized buffer. • http://secunia.com/advisories/38218 http://securitytracker.com/id?1023489 http://service.real.com/realplayer/security/01192010_player/en http://www.securityfocus.com/archive/1/509104/100/0/threaded http://www.securityfocus.com/bid/37880 http://www.vupen.com/english/advisories/2010/0178 http://www.zerodayinitiative.com/advisories/ZDI-10-010 https://exchange.xforce.ibmcloud.com/vulnerabilities/55799 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-4904 – RealPlayer 11 - '.au' Denial of Service
https://notcve.org/view.php?id=CVE-2007-4904
RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other platforms, allow user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that triggers a divide-by-zero error. RealNetworks RealPlayer 10.1.0.3114 y anteriores, y Helix Player 1.0.6.778 sobre Fedora Core 6 (FC6) y posiblemente otras plataformas, permite a atacantes remotos con la intervención del usuario provocar denegación de servicio (caida de aplicación) a través de un archivo malformado .au que dispara un error de división por cero. • https://www.exploit-db.com/exploits/4683 http://archives.neohapsis.com/archives/fulldisclosure/2007-09/0154.html http://osvdb.org/39904 http://www.securityfocus.com/archive/1/479081/100/0/threaded http://www.securityfocus.com/bid/25627 https://exchange.xforce.ibmcloud.com/vulnerabilities/36545 • CWE-189: Numeric Errors •
CVE-2007-3410 – RealNetworks RealPlayer/HelixPlayer - SMIL wallclock Stack Overflow (PoC)
https://notcve.org/view.php?id=CVE-2007-3410
Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue function in smlprstime.cpp in RealNetworks RealPlayer 10, 10.1, and possibly 10.5, RealOne Player, RealPlayer Enterprise, and Helix Player 10.5-GOLD and 10.0.5 through 10.0.8, allows remote attackers to execute arbitrary code via an SMIL (SMIL2) file with a long wallclock value. Un desbordamiento de búfer en la región stack de la memoria en la función SmilTimeValue::parseWallClockValue en el archivo smlprstime.cpp en RealNetworks RealPlayer versiones 10, 10.1 y posiblemente 10.5, RealOne Player, RealPlayer Enterprise y Helix Player versión 10.5-GOLD y versiones 10.0.5 hasta 10.0.8, permite a atacantes remotos ejecutar código arbitrario por medio de un archivo SMIL (SMIL2) con un valor wallclock largo. • https://www.exploit-db.com/exploits/4118 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547 http://osvdb.org/37374 http://osvdb.org/38342 http://secunia.com/advisories/25819 http://secunia.com/advisories/25859 http://secunia.com/advisories/26463 http://secunia.com/advisories/26828 http://secunia.com/advisories/27361 http://security.gentoo.org/glsa/glsa-200709-05.xml http://securitytracker.com/id?1018297 http://securitytracker.com/id?1018299 http:/& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-0323 – RealPlayer 10.5 (6.0.12.1040-1348) - SWF Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2006-0323
Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations. Desbordamiento de buffer en swfformat.dll en múltiples productos y versiones RealNetworks incluyendo RealPlayer 10.x, RealOne Player, Rhapsody 3 y Helix Player permite a atacantes remotos ejecutar código arbitrario a través de un archivo SWF (Flash) manipulado con (1) un valor de tamaño que es menor que el tamaño real o (2) otras manipulaciones no especificadas. • https://www.exploit-db.com/exploits/1622 https://www.exploit-db.com/exploits/27460 http://secunia.com/advisories/19358 http://secunia.com/advisories/19362 http://secunia.com/advisories/19365 http://secunia.com/advisories/19390 http://securityreason.com/securityalert/690 http://securitytracker.com/id?1015806 http://www.gentoo.org/security/en/glsa/glsa-200603-24.xml http://www.kb.cert.org/vuls/id/231028 http://www.novell.com/linux/security/advisories/2006_18_realplayer. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2005-2922
https://notcve.org/view.php?id=CVE-2005-2922
Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header. • http://secunia.com/advisories/19358 http://secunia.com/advisories/19365 http://securitytracker.com/id?1015808 http://www.kb.cert.org/vuls/id/172489 http://www.novell.com/linux/security/advisories/2006_18_realplayer.html http://www.redhat.com/support/errata/RHSA-2005-762.html http://www.redhat.com/support/errata/RHSA-2005-788.html http://www.securityfocus.com/bid/17202 http://www.service.real.com/realplayer/security/03162006_player/en http://www.vupen.com/english/advisor • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •