CVSS: 9.3EPSS: 2%CPEs: 50EXPL: 0CVE-2012-2406
https://notcve.org/view.php?id=CVE-2012-2406
RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, does not properly parse ASMRuleBook data in RealMedia files, which allows remote attackers to execute arbitrary code via a crafted file. RealNetworks RealPlayer antes de v15.0.4.53, y RealPlayer SP v1.0 a v1.1.5, no analiza correctamente los datos ASMRuleBook en los archivos de RealMedia, lo que permite a atacantes remotos ejecutar código arbitrario a través de un archivo malicioso. • http://osvdb.org/81943 http://secunia.com/advisories/49193 http://service.real.com/realplayer/security/05152012_player/en http://www.securitytracker.com/id?1027076 https://exchange.xforce.ibmcloud.com/vulnerabilities/75647 •
CVSS: 9.3EPSS: 8%CPEs: 50EXPL: 0CVE-2012-2411
https://notcve.org/view.php?id=CVE-2012-2411
Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RealJukebox Media file. Desbordamiento de búfer en RealPlayer de RealNetworks antes v15.0.4.53, y RealPlayer SP v1.0 a v1.1.5, permite a atacantes remotos ejecutar código arbitrario a través de un archivo RealJukebox Media modificado. • http://osvdb.org/81944 http://secunia.com/advisories/49193 http://service.real.com/realplayer/security/05152012_player/en http://www.securitytracker.com/id?1027076 https://exchange.xforce.ibmcloud.com/vulnerabilities/75648 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 33EXPL: 0CVE-2012-0924 – RealNetworks RealPlayer VIDOBJ_START_CODE Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0924
RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving a VIDOBJ_START_CODE code in a header within a video stream. RealNetworks RealPlayer v11.x, v14.x, v15.x, y anterior a v15.02.71, y RealPlayer SP v1.0 a v1.1.5, permite a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con un código de VIDOBJ_START_CODE en un encabezado dentro de una secuencia de vídeo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within dmp4.dll, specifically the decoding of an MPEG stream. When encountering a VIDOBJ_START_CODE object the process inproperly validates the size of the destination buffer used for rendering. • http://secunia.com/advisories/47896 http://service.real.com/realplayer/security/02062012_player/en • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 1%CPEs: 33EXPL: 0CVE-2012-0926 – RealNetworks RealPlayer RV10 Encoded Height/Width Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0926
The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream. El codec RV10 en RealNetworks RealPlayer v11.x, v14.x, v15.x, y anterior a v15.02.71, y RealPlayer SP v1.0 a v1.1.5, no controla correctamente los valores de altura y anchura, lo que permite a atacantes remotos ejecutar código arbitrario a través de una secuencia de vídeo diseñado RV10 RealVideo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within the RV10 encoded data in the rv10.dll component. When encountering an invalid encoded height or width field the process miscalculates an offset while preparing to decode the data packets which constitute the stream. • http://secunia.com/advisories/47896 http://service.real.com/realplayer/security/02062012_player/en • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 1%CPEs: 33EXPL: 0CVE-2012-0927 – RealNetworks RealPlayer RealAudio coded_frame_size Remote Code Execution
https://notcve.org/view.php?id=CVE-2012-0927
Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving the coded_frame_size value in a RealAudio audio stream. Vulnerabilidad no especificada en RealNetworks RealPlayer v11.x, v14.x, v15.x, y anterior a 15.02.71, y RealPlayer SP v1.0 a v1.1.5, permite a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con el valor coded_frame_size en un flujo de audio RealAudio. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within cook.dll, specifically the handling of a RealAudio 2.0 file. When parsing the RA2 header a coded_frame_sz element is used to calculate the size for an allocation. • http://secunia.com/advisories/47896 http://service.real.com/realplayer/security/02062012_player/en • CWE-94: Improper Control of Generation of Code ('Code Injection') •