CVSS: 9.8EPSS: 2%CPEs: 30EXPL: 0CVE-2011-4258 – RealNetworks RealPlayer IVR MLTI Chunk Length Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4258
24 Nov 2011 — RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted length of an MLTI chunk in an IVR file. RealNetworks RealPlayer anterior a v15.0.0 permite a atacantes remotos ejecutar código arbitrario a través de un trozo MLTI en un archivo IVR. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious ... • http://service.real.com/realplayer/security/11182011_player/en • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 2%CPEs: 30EXPL: 0CVE-2011-4259 – RealNetwork RealPlayer MPG Width Integer Underflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4259
24 Nov 2011 — Integer underflow in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted width value in an MPG file. Desbordamiento de enteros en RealNetworks RealPlayer anterior a v15.0.0 permite a atacantes remotos ejecutar código arbitrario mediante un valor de anchura en un archivo MPG. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Realplayer. User interaction is required to exploit this vulnerability in that the tar... • http://service.real.com/realplayer/security/11182011_player/en • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 2%CPEs: 30EXPL: 0CVE-2011-4260 – RealNetworks RealPlayer mp4arender esds channel count Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4260
24 Nov 2011 — RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file. RealNetworks RealPlayer anterior a v15.0.0 permite a atacantes remotos ejecutar código arbitrario mediante una cabecera con formato incorrecto en un archivo MP4. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicio... • http://service.real.com/realplayer/security/11182011_player/en • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 2%CPEs: 30EXPL: 0CVE-2011-4261 – RealNetworks RealPlayer dmp4 esds Width Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4261
24 Nov 2011 — RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted video dimensions in an MP4 file. RealNetworks RealPlayer anterior a v15.0.0 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (heap memory corruption) a través de las dimensiones de video creadas en un archivo MP4. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Re... • http://service.real.com/realplayer/security/11182011_player/en • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 30EXPL: 0CVE-2011-4262 – RealNetworks RealPlayer mp4fformat rdrf Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4262
24 Nov 2011 — Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted MP4 file. Vulnerabilidad no especificada en RealNetworks RealPlayer anterior a v15.0.0 permite a atacantes remotos ejecutar código arbitrario mediante un archivo MP4 diseñado This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. User interaction is required to exploit this vulnerability in that the target mus... • http://service.real.com/realplayer/security/11182011_player/en •
CVSS: 5.4EPSS: 0%CPEs: 24EXPL: 0CVE-2011-1221
https://notcve.org/view.php?id=CVE-2011-1221
04 Oct 2011 — Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document, a different vulnerability than CVE-2011-2947. Vulnerabilidad de scripting a través de zonas (cross-zone scripting) en el control ActiveX RealPlayer de RealNetworks RealPlayer 11.0 hasta ... • http://service.real.com/realplayer/security/08162011_player/en • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 5%CPEs: 23EXPL: 0CVE-2011-2946
https://notcve.org/view.php?id=CVE-2011-2946
18 Aug 2011 — Unspecified vulnerability in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en un control ActiveX en RealNetworks RealPlayer v11.0 a v11.1 y v14.0.0 a v14.0.5, RealPlayer SP v1.0 a v1.1.5, y RealPlayer Enterprise v2.0 a v2.1.5 permite a atacantes remotos ejecutar código de su elección a t... • http://service.real.com/realplayer/security/08162011_player/en •
CVSS: 9.3EPSS: 7%CPEs: 18EXPL: 0CVE-2011-2945
https://notcve.org/view.php?id=CVE-2011-2945
18 Aug 2011 — Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted SIPR stream. Desbordamiento de pila basado en memoria dinámica (heap) en RealNetworks RealPlayer v11.0 a v11.1 y v14.0.0 a v14.0.5, y RealPlayer SP v1.0 a v1.1.5 permite a atacantes remotos ejecutar código de su elección a través de un stream SIPR debidamente modificado. • http://service.real.com/realplayer/security/08162011_player/en • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 24EXPL: 0CVE-2011-2952
https://notcve.org/view.php?id=CVE-2011-2952
18 Aug 2011 — Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via vectors related to a dialog box. Vulnerabilidad de uso después de liberación en RealNetworks RealPlayer v11.0 a v11.1 y v14.0.0 a v14.0.5, RealPlayer SP v1.0 a v1.1.5, y RealPlayer Enterprise v2.0 a v2.1.5 permite a atacantes remotos ejecutar código de su elección a través de vec... • http://service.real.com/realplayer/security/08162011_player/en • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 5%CPEs: 24EXPL: 0CVE-2011-2953
https://notcve.org/view.php?id=CVE-2011-2953
18 Aug 2011 — An unspecified ActiveX control in the browser plugin in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors, related to an out-of-bounds condition. Un control ActiveX no especificado en el plugin para los navegadores de RealNetworks RealPlayer v11.0 a v11.1 y v14.0.0 a v14.0.5, y RealPlayer SP v1.0 a v1.1.5, y RealPlayer Enterprise v2.0 a v2.1.5 ... • http://service.real.com/realplayer/security/08162011_player/en • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •