CVSS: 9.3EPSS: 3%CPEs: 50EXPL: 0CVE-2012-2406
https://notcve.org/view.php?id=CVE-2012-2406
RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, does not properly parse ASMRuleBook data in RealMedia files, which allows remote attackers to execute arbitrary code via a crafted file. RealNetworks RealPlayer antes de v15.0.4.53, y RealPlayer SP v1.0 a v1.1.5, no analiza correctamente los datos ASMRuleBook en los archivos de RealMedia, lo que permite a atacantes remotos ejecutar código arbitrario a través de un archivo malicioso. • http://osvdb.org/81943 http://secunia.com/advisories/49193 http://service.real.com/realplayer/security/05152012_player/en http://www.securitytracker.com/id?1027076 https://exchange.xforce.ibmcloud.com/vulnerabilities/75647 •
CVSS: 9.3EPSS: 10%CPEs: 50EXPL: 0CVE-2012-2411
https://notcve.org/view.php?id=CVE-2012-2411
Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RealJukebox Media file. Desbordamiento de búfer en RealPlayer de RealNetworks antes v15.0.4.53, y RealPlayer SP v1.0 a v1.1.5, permite a atacantes remotos ejecutar código arbitrario a través de un archivo RealJukebox Media modificado. • http://osvdb.org/81944 http://secunia.com/advisories/49193 http://service.real.com/realplayer/security/05152012_player/en http://www.securitytracker.com/id?1027076 https://exchange.xforce.ibmcloud.com/vulnerabilities/75648 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 2CVE-2012-1904 – RealPlayer - '.mp4' file handling memory Corruption
https://notcve.org/view.php?id=CVE-2012-1904
mp4fformat.dll in the QuickTime File Format plugin in RealNetworks RealPlayer 15 and earlier, and RealPlayer SP 1.1.4 Build 12.0.0.756 and earlier, allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP4 file. mp4fformat.dll en el complemento QuickTime File Format de RealNetworks RealPlayer v15 y anteriores, y RealPlayer SP v1.1.4 Build 12.0.0.756 y versiones anteriores, permite a atacantes remotos causar una denegación de servicio (corrupción de la memoria y la caída de aplicación) a través de un archivo MP4 modificado. • https://www.exploit-db.com/exploits/18661 http://packetstormsecurity.org/files/111162/RealPlayer-1.1.4-Memory-Corruption.html http://secunia.com/advisories/49193 http://www.securitytracker.com/id?1027076 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 10%CPEs: 33EXPL: 0CVE-2012-0922 – RealNetworks RealPlayer rvrender RMFF Flags Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0922
rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via crafted flags in an RMFF file. rvrender.dll en RealNetworks RealPlayer v11.x, v14.x, v15.x, y anterior a v15.02.71, y RealPlayer SP v1.0 a v1.1.5, permite a atacantes remotos ejecutar código arbitrario a través de banderas hechas a mano en un archivo de RMFF. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rvrender module. When parsing an IVR file, the code within this module does not account for a negative value for the "RMFF 1.0 Flags" element within the input data. By providing a specially crafted file an attacker is able to achieve a program state that results in a function pointer value being retrieved from file data and subsequently called. • http://osvdb.org/78911 http://secunia.com/advisories/47896 http://service.real.com/realplayer/security/02062012_player/en http://www.securityfocus.com/bid/51883 https://exchange.xforce.ibmcloud.com/vulnerabilities/73018 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 7%CPEs: 33EXPL: 0CVE-2012-0923 – RealNetworks RealPlayer RV20 Frame Size Array Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0923
The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle the frame size array, which allows remote attackers to execute arbitrary code via a crafted RV20 RealVideo video stream. El codec RV20 en RealNetworks RealPlayer v11.x, v14.x, v15.x, y anterior a v15.02.71, y RealPlayer SP v1.0 a v1.1.5, no controla correctamente el tamaño de la matriz de marco, que permite a atacantes remotos ejecutar código arbitrario a través de una secuencia de vídeo diseñado RV20 RealVideo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a particular array contained within a Real Media file and then uses the data. When allocating and reading frame size information, the application will fail to check the bounds of how this array is used. • http://osvdb.org/78912 http://secunia.com/advisories/47896 http://service.real.com/realplayer/security/02062012_player/en http://www.securityfocus.com/bid/51884 • CWE-94: Improper Control of Generation of Code ('Code Injection') •