CVSS: 6.8EPSS: 0%CPEs: 44EXPL: 0CVE-2012-2410
https://notcve.org/view.php?id=CVE-2012-2410
Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted RealMedia file, a different vulnerability than CVE-2012-2409. Desbordamiento de búfer en RealPlayer de RealNetworks anterior a v15.0.6.14, RealPlayer SP 1.0 a 1.1.5 y Mac RealPlayer anterior a v12.0.1.1750, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de un archivo de RealMedia artesanal, una vulnerabilidad diferente a CVE-2012-2409. • http://service.real.com/realplayer/security/09072012_player/en https://exchange.xforce.ibmcloud.com/vulnerabilities/78387 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 3%CPEs: 50EXPL: 0CVE-2012-2406
https://notcve.org/view.php?id=CVE-2012-2406
RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, does not properly parse ASMRuleBook data in RealMedia files, which allows remote attackers to execute arbitrary code via a crafted file. RealNetworks RealPlayer antes de v15.0.4.53, y RealPlayer SP v1.0 a v1.1.5, no analiza correctamente los datos ASMRuleBook en los archivos de RealMedia, lo que permite a atacantes remotos ejecutar código arbitrario a través de un archivo malicioso. • http://osvdb.org/81943 http://secunia.com/advisories/49193 http://service.real.com/realplayer/security/05152012_player/en http://www.securitytracker.com/id?1027076 https://exchange.xforce.ibmcloud.com/vulnerabilities/75647 •
CVSS: 9.3EPSS: 10%CPEs: 50EXPL: 0CVE-2012-2411
https://notcve.org/view.php?id=CVE-2012-2411
Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RealJukebox Media file. Desbordamiento de búfer en RealPlayer de RealNetworks antes v15.0.4.53, y RealPlayer SP v1.0 a v1.1.5, permite a atacantes remotos ejecutar código arbitrario a través de un archivo RealJukebox Media modificado. • http://osvdb.org/81944 http://secunia.com/advisories/49193 http://service.real.com/realplayer/security/05152012_player/en http://www.securitytracker.com/id?1027076 https://exchange.xforce.ibmcloud.com/vulnerabilities/75648 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 2CVE-2012-1904 – RealPlayer - '.mp4' file handling memory Corruption
https://notcve.org/view.php?id=CVE-2012-1904
mp4fformat.dll in the QuickTime File Format plugin in RealNetworks RealPlayer 15 and earlier, and RealPlayer SP 1.1.4 Build 12.0.0.756 and earlier, allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP4 file. mp4fformat.dll en el complemento QuickTime File Format de RealNetworks RealPlayer v15 y anteriores, y RealPlayer SP v1.1.4 Build 12.0.0.756 y versiones anteriores, permite a atacantes remotos causar una denegación de servicio (corrupción de la memoria y la caída de aplicación) a través de un archivo MP4 modificado. • https://www.exploit-db.com/exploits/18661 http://packetstormsecurity.org/files/111162/RealPlayer-1.1.4-Memory-Corruption.html http://secunia.com/advisories/49193 http://www.securitytracker.com/id?1027076 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 10%CPEs: 33EXPL: 0CVE-2012-0922 – RealNetworks RealPlayer rvrender RMFF Flags Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0922
rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via crafted flags in an RMFF file. rvrender.dll en RealNetworks RealPlayer v11.x, v14.x, v15.x, y anterior a v15.02.71, y RealPlayer SP v1.0 a v1.1.5, permite a atacantes remotos ejecutar código arbitrario a través de banderas hechas a mano en un archivo de RMFF. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rvrender module. When parsing an IVR file, the code within this module does not account for a negative value for the "RMFF 1.0 Flags" element within the input data. By providing a specially crafted file an attacker is able to achieve a program state that results in a function pointer value being retrieved from file data and subsequently called. • http://osvdb.org/78911 http://secunia.com/advisories/47896 http://service.real.com/realplayer/security/02062012_player/en http://www.securityfocus.com/bid/51883 https://exchange.xforce.ibmcloud.com/vulnerabilities/73018 • CWE-94: Improper Control of Generation of Code ('Code Injection') •