CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2010-5228
https://notcve.org/view.php?id=CVE-2010-5228
Untrusted search path vulnerability in RealPlayer SP 1.1.5 12.0.0.879 allows local users to gain privileges via a Trojan horse rio500.dll file in the current working directory, as demonstrated by a directory that contains a .avi file. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ruta de búsqueda no confiable en RealPlayer SP 12.0.0.879 1.1.5 permite a usuarios locales obtener privilegios a través de un archivo rio500.dll caballo de troya en el directorio de trabajo actual, como lo demuestra un directorio que contiene un archivo. Avi. NOTA: algunos de estos detalles han sido obtenidos a partir de la información de terceros. • http://secunia.com/advisories/41092 http://www.cs.ucdavis.edu/research/tech-reports/2010/CSE-2010-2.pdf •
CVSS: 9.3EPSS: 2%CPEs: 50EXPL: 0CVE-2012-2406
https://notcve.org/view.php?id=CVE-2012-2406
RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, does not properly parse ASMRuleBook data in RealMedia files, which allows remote attackers to execute arbitrary code via a crafted file. RealNetworks RealPlayer antes de v15.0.4.53, y RealPlayer SP v1.0 a v1.1.5, no analiza correctamente los datos ASMRuleBook en los archivos de RealMedia, lo que permite a atacantes remotos ejecutar código arbitrario a través de un archivo malicioso. • http://osvdb.org/81943 http://secunia.com/advisories/49193 http://service.real.com/realplayer/security/05152012_player/en http://www.securitytracker.com/id?1027076 https://exchange.xforce.ibmcloud.com/vulnerabilities/75647 •
CVSS: 9.3EPSS: 8%CPEs: 50EXPL: 0CVE-2012-2411
https://notcve.org/view.php?id=CVE-2012-2411
Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RealJukebox Media file. Desbordamiento de búfer en RealPlayer de RealNetworks antes v15.0.4.53, y RealPlayer SP v1.0 a v1.1.5, permite a atacantes remotos ejecutar código arbitrario a través de un archivo RealJukebox Media modificado. • http://osvdb.org/81944 http://secunia.com/advisories/49193 http://service.real.com/realplayer/security/05152012_player/en http://www.securitytracker.com/id?1027076 https://exchange.xforce.ibmcloud.com/vulnerabilities/75648 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 33EXPL: 0CVE-2012-0924 – RealNetworks RealPlayer VIDOBJ_START_CODE Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0924
RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving a VIDOBJ_START_CODE code in a header within a video stream. RealNetworks RealPlayer v11.x, v14.x, v15.x, y anterior a v15.02.71, y RealPlayer SP v1.0 a v1.1.5, permite a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con un código de VIDOBJ_START_CODE en un encabezado dentro de una secuencia de vídeo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within dmp4.dll, specifically the decoding of an MPEG stream. When encountering a VIDOBJ_START_CODE object the process inproperly validates the size of the destination buffer used for rendering. • http://secunia.com/advisories/47896 http://service.real.com/realplayer/security/02062012_player/en • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 1%CPEs: 33EXPL: 0CVE-2012-0926 – RealNetworks RealPlayer RV10 Encoded Height/Width Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0926
The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream. El codec RV10 en RealNetworks RealPlayer v11.x, v14.x, v15.x, y anterior a v15.02.71, y RealPlayer SP v1.0 a v1.1.5, no controla correctamente los valores de altura y anchura, lo que permite a atacantes remotos ejecutar código arbitrario a través de una secuencia de vídeo diseñado RV10 RealVideo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within the RV10 encoded data in the rv10.dll component. When encountering an invalid encoded height or width field the process miscalculates an offset while preparing to decode the data packets which constitute the stream. • http://secunia.com/advisories/47896 http://service.real.com/realplayer/security/02062012_player/en • CWE-94: Improper Control of Generation of Code ('Code Injection') •