CVSS: 9.3EPSS: 2%CPEs: 50EXPL: 0CVE-2012-2406
https://notcve.org/view.php?id=CVE-2012-2406
RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, does not properly parse ASMRuleBook data in RealMedia files, which allows remote attackers to execute arbitrary code via a crafted file. RealNetworks RealPlayer antes de v15.0.4.53, y RealPlayer SP v1.0 a v1.1.5, no analiza correctamente los datos ASMRuleBook en los archivos de RealMedia, lo que permite a atacantes remotos ejecutar código arbitrario a través de un archivo malicioso. • http://osvdb.org/81943 http://secunia.com/advisories/49193 http://service.real.com/realplayer/security/05152012_player/en http://www.securitytracker.com/id?1027076 https://exchange.xforce.ibmcloud.com/vulnerabilities/75647 •
CVSS: 9.3EPSS: 8%CPEs: 50EXPL: 0CVE-2012-2411
https://notcve.org/view.php?id=CVE-2012-2411
Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RealJukebox Media file. Desbordamiento de búfer en RealPlayer de RealNetworks antes v15.0.4.53, y RealPlayer SP v1.0 a v1.1.5, permite a atacantes remotos ejecutar código arbitrario a través de un archivo RealJukebox Media modificado. • http://osvdb.org/81944 http://secunia.com/advisories/49193 http://service.real.com/realplayer/security/05152012_player/en http://www.securitytracker.com/id?1027076 https://exchange.xforce.ibmcloud.com/vulnerabilities/75648 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 2CVE-2012-1904 – RealPlayer - '.mp4' file handling memory Corruption
https://notcve.org/view.php?id=CVE-2012-1904
mp4fformat.dll in the QuickTime File Format plugin in RealNetworks RealPlayer 15 and earlier, and RealPlayer SP 1.1.4 Build 12.0.0.756 and earlier, allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP4 file. mp4fformat.dll en el complemento QuickTime File Format de RealNetworks RealPlayer v15 y anteriores, y RealPlayer SP v1.1.4 Build 12.0.0.756 y versiones anteriores, permite a atacantes remotos causar una denegación de servicio (corrupción de la memoria y la caída de aplicación) a través de un archivo MP4 modificado. • https://www.exploit-db.com/exploits/18661 http://packetstormsecurity.org/files/111162/RealPlayer-1.1.4-Memory-Corruption.html http://secunia.com/advisories/49193 http://www.securitytracker.com/id?1027076 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 38EXPL: 0CVE-2011-4245
https://notcve.org/view.php?id=CVE-2011-4245
The RealVideo renderer in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. El procesador de RealVideo en RealNetworks RealPlayer anterior a v15.0.0 y Mac RealPlayer anterior a v12.0.0.1703 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. • http://service.real.com/realplayer/security/11182011_player/en • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 3%CPEs: 38EXPL: 0CVE-2011-4256 – RealNetworks RealPlayer RV30 Uninitialized Index Value Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4256
The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown vectors. El codec RV30 en RealNetworks RealPlayer anterior a v15.0.0 y Mac RealPlayer anterior a v12.0.0.1703 no se inicializa un valor de índice especificado, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses sample data encoded with the RV30 codec. When parsing this sample data, the application will make an allocation and then fail to completely initialize the buffer. • http://service.real.com/realplayer/security/11182011_player/en • CWE-94: Improper Control of Generation of Code ('Code Injection') •