CVSS: 9.3EPSS: 1%CPEs: 26EXPL: 0CVE-2010-4381
https://notcve.org/view.php?id=CVE-2010-4381
14 Dec 2010 — Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 allows remote attackers to have an unspecified impact via a crafted AAC file. Desbordamiento de búfer basado en montículo en RealNetworks RealPlayer v11.0 a v11.1, RealPlayer SP v1.0 a v1.1.4, RealPlayer Enterprise v2.1.2 y Mac RealPlayer v11.0 a v12.0.0.1444 permite a atacantes remotos tener un impacto no especificado a través de ... • http://service.real.com/realplayer/security/12102010_player/en • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0125 – RealPlayer AAC Spectral Data Parsing
https://notcve.org/view.php?id=CVE-2010-0125
14 Dec 2010 — RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 do not properly parse spectral data in AAC files, which has unspecified impact and remote attack vectors. RealNetworks RealPlayer v11.0 a v11.1, RealPlayer SP v1.0 a v1.1.4, RealPlayer Enterprise v2.1.2 y Mac RealPlayer v11.0 a v12.0.0.1444 no analiza correctamente los datos de espectro en los archivos AAC, que tiene un impacto no especificado usando vectores d... • http://service.real.com/realplayer/security/12102010_player/en • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 3%CPEs: 21EXPL: 0CVE-2010-4378 – RealNetworks Realplayer RV20 Stream Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4378
10 Dec 2010 — The drv2.dll (aka RV20 decompression) module in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.1.2 and 2.1.3, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted value of an unspecified length field in an RV20 video stream. El módulo drv2.dll (también conocido como descompresión RV20) en RealNetworks RealPlayer... • http://service.real.com/realplayer/security/12102010_player/en • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 18EXPL: 0CVE-2010-4384 – RealNetworks RealPlayer Media Properties Header Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4384
10 Dec 2010 — Array index error in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via a malformed Media Properties Header (aka MDPR) in a RealMedia file. Un error de indice de Array en RealNetworks RealPlayer v11.0 a v11.1, RealPlayer Enterprise v2.1.2, Mac RealPlayer v11.0 por v11.1 y Linux RealPlayer v11.0.2.1744 permite a atacantes... • http://service.real.com/realplayer/security/12102010_player/en • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 19EXPL: 0CVE-2010-4385 – HelixPlayer multiple flaws (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392, CVE-2010-4376)
https://notcve.org/view.php?id=CVE-2010-4385
10 Dec 2010 — Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to have an unspecified impact via crafted frame dimensions in an SIPR stream. Desbordamiento de entero en RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.1.4, RealPlayer Enterprisev2.1.2, y Linux RealPlayer v11.0.2.1744 permite a atacantes remotos provocar un... • http://service.real.com/realplayer/security/12102010_player/en • CWE-189: Numeric Errors •
CVSS: 9.0EPSS: 0%CPEs: 19EXPL: 0CVE-2010-4388 – RealNetworks RealPlayer Custsupport.html Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4388
10 Dec 2010 — The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors. Los componentes (1) Upsell.htm, (2) Main.html, y (3) Custsupport.html en RealNetworks RealPlayer v11.0 hasta v11.1, ... • http://osvdb.org/69857 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 20%CPEs: 19EXPL: 0CVE-2010-4391 – RealNetworks RealPlayer RMX Header Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4391
10 Dec 2010 — Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allows remote attackers to execute arbitrary code via a crafted value in an unspecified header field in an RMX file. Desbordamiento de búfer basado en montón en RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.1.5, RealPlayer Enterprise v2.1.2 y v2.1.3, permite a atacantes remotos ejecutar código de su elección a través de un valor manipuad... • http://osvdb.org/69851 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 5%CPEs: 21EXPL: 0CVE-2010-4392 – RealNetworks RealPlayer ImageMap Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4392
10 Dec 2010 — Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.1.2 and 2.1.3, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via crafted ImageMap data in a RealMedia file, related to certain improper integer calculations. Desbordamiento de búfer basado en montón en RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.1.5, RealPlayer Enterpri... • http://osvdb.org/69852 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 0%CPEs: 18EXPL: 0CVE-2010-4396 – RealNetworks RealPlayer Cross-Zone Scripting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4396
10 Dec 2010 — Cross-zone scripting vulnerability in the HandleAction method in a certain ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 allows remote attackers to inject arbitrary web script or HTML in the Local Zone by specifying a local file in a NavigateToURL action, as demonstrated by a local skin file. Vulnerabilidad de secuencias de comandos en zonas cruzadas en el método HandleAction en control ActiveX en RealNetworks RealPlayer v11.0 ... • http://osvdb.org/69855 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 1%CPEs: 17EXPL: 0CVE-2010-3748
https://notcve.org/view.php?id=CVE-2010-3748
18 Oct 2010 — Stack-based buffer overflow in the RichFX component in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via unknown vectors. Desbordamiento de buffer basado en pila en el componente RichFX de RealNetworks RealPlayer v11.0 hasta la v11.1, RealPlayer SP 1.0 hasta la v1.1.4, y RealPlayer Enterprise v2.1.2 permite a atacantes remotos provocar una impacto sin determinar a través de vectores desconocid... • http://service.real.com/realplayer/security/10152010_player/en • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •