Page 7 of 161 results (0.003 seconds)

CVSS: 9.3EPSS: 2%CPEs: 38EXPL: 0

The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via a crafted sample height. El codec RV10 en RealNetworks RealPlayer anterior a v15.0.0 y Mac RealPlayer anterior a v12.0.0.1703 permite a atacantes remotos ejecutar código arbitrario a través de una altura de la muestra diseñada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application attempts to parse a height out of the RV10 codec object. The application will incorrectly treat the value as a signed integer and will its value as the count within a loop that populates rows of sample data within a buffer. • http://service.real.com/realplayer/security/11182011_player/en • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0EPSS: 1%CPEs: 38EXPL: 0

The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. El codec AAC en RealNetworks RealPlayer anterior a v15.0.0 y Mac RealPlayer anterior a v12.0.0.1703 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. • http://service.real.com/realplayer/security/11182011_player/en • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 2%CPEs: 30EXPL: 0

Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted MP4 file. Vulnerabilidad no especificada en RealNetworks RealPlayer anterior a v15.0.0 permite a atacantes remotos ejecutar código arbitrario mediante un archivo MP4 diseñado This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within mp4fformat. The vulnerability resides in adding 1 to a trusted size value being taken out of the file data. The size value is then used in an operator_new call. • http://service.real.com/realplayer/security/11182011_player/en •

CVSS: 9.3EPSS: 2%CPEs: 30EXPL: 0

RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file. RealNetworks RealPlayer anterior a v15.0.0 permite a atacantes remotos ejecutar código arbitrario mediante una cabecera con formato incorrecto en un archivo MP4. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the mp4arender.dll module. If the channel count is altered inside the esds atom, the allocated buffer will be too small to support the decoded audio data, causing a heap overflow. • http://service.real.com/realplayer/security/11182011_player/en • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 2%CPEs: 30EXPL: 0

RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted sample size in a RealAudio file. RealNetworks RealPlayer anterior a v15.0.0 permite a atacantes remotos ejecutar código arbitrario a través de una muestra hecha a mano en un archivo de RealAudio. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application processes the audio specific data within a RealMedia audio file. When decoding sample data, the application will explicitly trust a length read from the sample data when populating a buffer that is allocated based on the codec information. • http://service.real.com/realplayer/security/11182011_player/en • CWE-94: Improper Control of Generation of Code ('Code Injection') •