CVSS: 10.0EPSS: 2%CPEs: 30EXPL: 0CVE-2011-4249 – RealNetworks RealPlayer RV30 Sample Arbitrary Index Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4249
Array index error in the RV30 codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors. El índice de matriz de error en el codec RV30 en RealNetworks RealPlayer anterior a v15.0.0 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses sample data encoded with the RV30 codec. When processing certain values within the sample data, the application will use a one as a size for an allocation, and then the use the immediately following byte as an index into that buffer. • http://service.real.com/realplayer/security/11182011_player/en • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 3%CPEs: 38EXPL: 0CVE-2011-4253 – RealNetworks RealPlayer RV20 Decoding Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4253
Unspecified vulnerability in the RV20 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en el codec RV20 en RealNetworks RealPlayer anterior a v15.0.0 y Mac RealPlayer anterior a v12.0.0.1703 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way that the application allocates space for parsing sample data encoded with the RV20 codec. After allocation, the application will partially fill the allocation with sample data. • http://service.real.com/realplayer/security/11182011_player/en •
CVSS: 10.0EPSS: 3%CPEs: 38EXPL: 0CVE-2011-4250 – RealNetworks RealPlayer ATRC Code Data Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4250
Unspecified vulnerability in the ATRC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en el codec de ATRC en RealNetworks RealPlayer anterior a v15.0.0 y Mac RealPlayer anterior a v12.0.0.1703 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the ATRC codec parses sample data out of the media file. When reading bit sizes from the sample, the application will seek a structure that is used for consuming bits from the sample stream outside the bounds of the correct data. • http://service.real.com/realplayer/security/11182011_player/en •
CVSS: 9.3EPSS: 2%CPEs: 30EXPL: 0CVE-2011-4258 – RealNetworks RealPlayer IVR MLTI Chunk Length Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4258
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted length of an MLTI chunk in an IVR file. RealNetworks RealPlayer anterior a v15.0.0 permite a atacantes remotos ejecutar código arbitrario a través de un trozo MLTI en un archivo IVR. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a header defined within a .ivr file. When parsing this header the application will explicitly trust a 16-bit value denoting an size and use it for performing an allocation. • http://service.real.com/realplayer/security/11182011_player/en • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 3%CPEs: 30EXPL: 0CVE-2011-4254 – RealNetworks RealPlayer RTSP SETUP Request Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4254
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted RTSP SETUP request. RealNetworks RealPlayer anterior a v15.0.0 permite a atacantes remotos ejecutar código arbitrario a través de una solicitud de configuración creado RTSP. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to the application mishandling an error that occurs when parsing an RTSP SETUP request. When an error occurs, the application will free a pointer to a linked list due to the stream being closed. • http://service.real.com/realplayer/security/11182011_player/en • CWE-94: Improper Control of Generation of Code ('Code Injection') •