CVSS: 9.3EPSS: 94%CPEs: 18EXPL: 1CVE-2011-2950 – RealNetworks Realplayer QCP Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2950
Heap-based buffer overflow in qcpfformat.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted QCP file. Desbordamiento de buffer basado en memoria dinámica (heap) en qcpfformat.dll en RealNetworks RealPlayer v11.0 a v11.1 y v14.0.0 a v14.0.5, y RealPlayer SP v1.0 a v1.1.5 permite a atacantes remotos ejecutar código de su elección mediante un archivo QCP debidamente modificado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within qcpfformat.dll, which is responsible for parsing QCP media files. The process creates a static 256 byte allocation on the heap and trusts a user-supplied counter from the file within a memory copy loop. • https://www.exploit-db.com/exploits/17849 http://securityreason.com/securityalert/8388 http://service.real.com/realplayer/security/08162011_player/en http://www.securityfocus.com/bid/49172 http://www.securitytracker.com/id?1025943 http://zerodayinitiative.com/advisories/ZDI-11-265 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 23%CPEs: 19EXPL: 0CVE-2011-2951 – RealNetworks RealPlayer Advanced Audio Coding Element Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2951
Buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.0.0.1569 allows remote attackers to execute arbitrary code via a crafted raw_data_frame field in an AAC file. Un desbordamiento de búfer en RealNetworks RealPlayer v11.0 a v11.1 y v14.0.0 a v14.0.5, RealPlayer SP v1.0 a v1.1.5 y Mac RealPlayer v12.0.0.1569 permite a atacantes remotos ejecutar código de su elección a través de un campo raw_data_frame debidamente modificado en un archivo AAC. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to the application using a size defined in a header in order to allocate some number of bytes. When processing an AAC raw_data_frame, the application will use the product of the original length and a field inside one of its elements. • http://service.real.com/realplayer/security/08162011_player/en http://www.securitytracker.com/id?1025943 http://zerodayinitiative.com/advisories/ZDI-11-266 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 0%CPEs: 18EXPL: 0CVE-2011-2947 – RealNetworks RealPlayer Cross-Zone Scripting Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2947
Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document. Una vulnerabilidad de secuencias de comandos en zonas cruzadas en el control ActiveX de RealPlayer en RealNetworks RealPlayer v11.0 a v11.1 y v14.0.0 a 14.0.5, y RealPlayer SP v1.0 a v1.1.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML en la zona local a través de un documento en formato HTML almacenado localmente. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to the fact that RealPlayer allows users to run local HTML files with scripting enabled without any warning. The RealPlayer ActiveX control can be scripted from a web browser to load local HTML files. • http://service.real.com/realplayer/security/08162011_player/en http://www.securitytracker.com/id?1025943 http://zerodayinitiative.com/advisories/ZDI-11-269 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.7EPSS: 40%CPEs: 15EXPL: 0CVE-2011-1426 – RealNetworks RealPlayer OpenURLInDefaultBrowser Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1426
The OpenURLInDefaultBrowser method in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, launches a default handler for the filename specified in the first argument, which allows remote attackers to execute arbitrary code via a .rnx filename corresponding to a crafted RNX file. El método OpenURLInDefaultBrowser en RealNetworks RealPlayer v11.0 hasta v11.1 y v14.0.0 hasta v14.0.2, y RealPlayer SP v1.0 hasta v1.1.5, inicia un controlador por defecto para un archivo específico en el primer argumento, lo que permite a atacantes remotos ejecutar código de su elección a través de un archivo .rnx correspondiente a un archivo manipulado RNX. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within RealPlayer exposes a method called OpenURLInDefaultBrowser() that can be accessed through RealPlayer's internal browser. When this method is called, it will open and execute the first parameter based on the operating system's default handler for the filetype. • http://securitytracker.com/id?1025351 http://service.real.com/realplayer/security/04122011_player/en http://www.securityfocus.com/archive/1/517470/100/0/threaded http://www.securityfocus.com/bid/47335 http://www.vupen.com/english/advisories/2011/0979 http://zerodayinitiative.com/advisories/ZDI-11-122 https://exchange.xforce.ibmcloud.com/vulnerabilities/66728 •
CVSS: 9.3EPSS: 41%CPEs: 19EXPL: 0CVE-2011-0694 – RealNetworks Real Player Predictable Temporary File Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0694
RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and 14.0.0 through 14.0.1, and Enterprise 2.0 through 2.1.4, uses predictable names for temporary files, which allows remote attackers to conduct cross-domain scripting attacks and execute arbitrary code via the OpenURLinPlayerBrowser function. RealNetworks RealPlayer v11.0 hasta v11.1, SP v1.0 hasta v1.1.5, y v14.0.0 hasta v14.0.1, y Enterprise v2.0 hasta v2.1.4,utiliza nombres predecibles para los archivos temporales, lo que permite a atacantes remotos realizar ataques de secuencias de comandos entre dominios y ejecutar código arbitrario a través de la función OpenURLinPlayerBrowser. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the temporary file naming scheme used for storage of references to Real Media files. This easily predictable temporary filename can be brute forced and used in combination with the OpenURLinPlayerBrowser function available in classid:FDC7A535-4070-4B92-A0EA-D9994BCC0DC5 to execute the file. • http://docs.real.com/docs/security/SecurityUpdate020811RPE.pdf http://osvdb.org/70849 http://secunia.com/advisories/43268 http://securityreason.com/securityalert/8098 http://service.real.com/realplayer/security/02082011_player/en http://www.securityfocus.com/archive/1/516318/100/0/threaded http://www.securitytracker.com/id?1025058 http://www.zerodayinitiative.com/advisories/ZDI-11-076 •