CVSS: 9.3EPSS: 2%CPEs: 30EXPL: 0CVE-2011-4247 – RealNetworks RealPlayer QCELP Stream Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4247
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted QCELP stream. RealNetworks RealPlayer anterior a v15.0.0 permite a atacantes remotos ejecutar código arbitrario a través de una corriente QCELP. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles audio encoded with the QCELP codec. The codec allows you to specify the 'block_size' that is used. • http://service.real.com/realplayer/security/11182011_player/en • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 2%CPEs: 30EXPL: 0CVE-2011-4257 – RealNetworks RealPlayer Cook Codec Channel Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4257
The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via crafted channel data. El Cook codec en RealNetworks RealPlayer anterior a v15.0.0 permite a atacantes remotos ejecutar código arbitrario a través de canal de datos a mano. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses information out of the codec-specific data located within a media description header. When making space for audio-sample data, the application will allocate a static size. • http://service.real.com/realplayer/security/11182011_player/en • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0CVE-2011-1221
https://notcve.org/view.php?id=CVE-2011-1221
Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document, a different vulnerability than CVE-2011-2947. Vulnerabilidad de scripting a través de zonas (cross-zone scripting) en el control ActiveX RealPlayer de RealNetworks RealPlayer 11.0 hasta la 11.1 y 14.0.0 hasta la 14.0.5, RealPlayer SP 1.0 hasta la 1.1.5, y RealPlayer Enterprise 2.0 hasta la 2.1.5. Permite a atacantes remotos inyectar código script web arbitrario o HTML en la zona local a través de un documento HTML. Una vulnerabilidad distinta a la CVE-2011-2947. • http://service.real.com/realplayer/security/08162011_player/en • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 2%CPEs: 23EXPL: 0CVE-2011-2946
https://notcve.org/view.php?id=CVE-2011-2946
Unspecified vulnerability in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en un control ActiveX en RealNetworks RealPlayer v11.0 a v11.1 y v14.0.0 a v14.0.5, RealPlayer SP v1.0 a v1.1.5, y RealPlayer Enterprise v2.0 a v2.1.5 permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos. • http://service.real.com/realplayer/security/08162011_player/en http://www.securitytracker.com/id?1025943 •
CVSS: 9.3EPSS: 1%CPEs: 24EXPL: 0CVE-2011-2952
https://notcve.org/view.php?id=CVE-2011-2952
Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via vectors related to a dialog box. Vulnerabilidad de uso después de liberación en RealNetworks RealPlayer v11.0 a v11.1 y v14.0.0 a v14.0.5, RealPlayer SP v1.0 a v1.1.5, y RealPlayer Enterprise v2.0 a v2.1.5 permite a atacantes remotos ejecutar código de su elección a través de vectores relacionados con un cuadro de diálogo. • http://service.real.com/realplayer/security/08162011_player/en http://www.securitytracker.com/id?1025943 • CWE-399: Resource Management Errors •