CVE-2010-5228
https://notcve.org/view.php?id=CVE-2010-5228
Untrusted search path vulnerability in RealPlayer SP 1.1.5 12.0.0.879 allows local users to gain privileges via a Trojan horse rio500.dll file in the current working directory, as demonstrated by a directory that contains a .avi file. NOTE: some of these details are obtained from third party information. • http://secunia.com/advisories/41092 http://www.cs.ucdavis.edu/research/tech-reports/2010/CSE-2010-2.pdf •
CVE-2012-2406
https://notcve.org/view.php?id=CVE-2012-2406
RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, does not properly parse ASMRuleBook data in RealMedia files, which allows remote attackers to execute arbitrary code via a crafted file. • http://osvdb.org/81943 http://secunia.com/advisories/49193 http://service.real.com/realplayer/security/05152012_player/en http://www.securitytracker.com/id?1027076 https://exchange.xforce.ibmcloud.com/vulnerabilities/75647 •
CVE-2012-2411
https://notcve.org/view.php?id=CVE-2012-2411
Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RealJukebox Media file. • http://osvdb.org/81944 http://secunia.com/advisories/49193 http://service.real.com/realplayer/security/05152012_player/en http://www.securitytracker.com/id?1027076 https://exchange.xforce.ibmcloud.com/vulnerabilities/75648 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-1904 – RealPlayer - '.mp4' File Handling Memory Corruption
https://notcve.org/view.php?id=CVE-2012-1904
mp4fformat.dll in the QuickTime File Format plugin in RealNetworks RealPlayer 15 and earlier, and RealPlayer SP 1.1.4 Build 12.0.0.756 and earlier, allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP4 file. • https://www.exploit-db.com/exploits/18661 http://packetstormsecurity.org/files/111162/RealPlayer-1.1.4-Memory-Corruption.html http://secunia.com/advisories/49193 http://www.securitytracker.com/id?1027076 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-0922 – RealNetworks RealPlayer rvrender RMFF Flags Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0922
rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via crafted flags in an RMFF file. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rvrender module. When parsing an IVR file, the code within this module does not account for a negative value for the "RMFF 1.0 Flags" element within the input data. By providing a specially crafted file, an attacker is able to achieve a program state that results in a function pointer value being retrieved from file data and subsequently called. • http://osvdb.org/78911 http://secunia.com/advisories/47896 http://service.real.com/realplayer/security/02062012_player/en http://www.securityfocus.com/bid/51883 https://exchange.xforce.ibmcloud.com/vulnerabilities/73018 • CWE-94: Improper Control of Generation of Code ('Code Injection') •