CVSS: 10.0EPSS: 3%CPEs: 38EXPL: 0CVE-2011-4250 – RealNetworks RealPlayer ATRC Code Data Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4250
Unspecified vulnerability in the ATRC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en el codec de ATRC en RealNetworks RealPlayer anterior a v15.0.0 y Mac RealPlayer anterior a v12.0.0.1703 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the ATRC codec parses sample data out of the media file. When reading bit sizes from the sample, the application will seek a structure that is used for consuming bits from the sample stream outside the bounds of the correct data. • http://service.real.com/realplayer/security/11182011_player/en •
CVSS: 9.3EPSS: 2%CPEs: 30EXPL: 0CVE-2011-4258 – RealNetworks RealPlayer IVR MLTI Chunk Length Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4258
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted length of an MLTI chunk in an IVR file. RealNetworks RealPlayer anterior a v15.0.0 permite a atacantes remotos ejecutar código arbitrario a través de un trozo MLTI en un archivo IVR. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a header defined within a .ivr file. When parsing this header the application will explicitly trust a 16-bit value denoting an size and use it for performing an allocation. • http://service.real.com/realplayer/security/11182011_player/en • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 3%CPEs: 30EXPL: 0CVE-2011-4254 – RealNetworks RealPlayer RTSP SETUP Request Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4254
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted RTSP SETUP request. RealNetworks RealPlayer anterior a v15.0.0 permite a atacantes remotos ejecutar código arbitrario a través de una solicitud de configuración creado RTSP. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to the application mishandling an error that occurs when parsing an RTSP SETUP request. When an error occurs, the application will free a pointer to a linked list due to the stream being closed. • http://service.real.com/realplayer/security/11182011_player/en • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 2%CPEs: 30EXPL: 0CVE-2011-4247 – RealNetworks RealPlayer QCELP Stream Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4247
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted QCELP stream. RealNetworks RealPlayer anterior a v15.0.0 permite a atacantes remotos ejecutar código arbitrario a través de una corriente QCELP. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles audio encoded with the QCELP codec. The codec allows you to specify the 'block_size' that is used. • http://service.real.com/realplayer/security/11182011_player/en • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 2%CPEs: 30EXPL: 0CVE-2011-4257 – RealNetworks RealPlayer Cook Codec Channel Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4257
The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via crafted channel data. El Cook codec en RealNetworks RealPlayer anterior a v15.0.0 permite a atacantes remotos ejecutar código arbitrario a través de canal de datos a mano. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses information out of the codec-specific data located within a media description header. When making space for audio-sample data, the application will allocate a static size. • http://service.real.com/realplayer/security/11182011_player/en • CWE-94: Improper Control of Generation of Code ('Code Injection') •