CVE-2010-0121
https://notcve.org/view.php?id=CVE-2010-0121
The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 does not properly perform initialization, which has unspecified impact and attack vectors. El codec cook en RealNetworks RealPlayer v11.0 hasta 11.1, RealPlayer SP 1.0 hasta v1.1.5, Mac RealPlayer 11.0 hasta v12.0.0.144, y Linux RealPlayer v11.0.2.1744 no realiza correctamente la inicialización, que tiene un impacto y unos vectores de ataque no especificados. • http://service.real.com/realplayer/security/12102010_player/en http://www.securitytracker.com/id?1024861 •
CVE-2010-4390
https://notcve.org/view.php?id=CVE-2010-4390
Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allow remote attackers to have an unspecified impact via a crafted header in an IVR file. Múltiples vilnerabilidades de desbordamiento de búfer basadas en montón en RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.1.5, y Linux RealPlayer v11.0.2.1744, permite a atacantes remotos provocar un impacto no especificado a través de una cabecera manipuada en un archivo IVR. • http://osvdb.org/69850 http://service.real.com/realplayer/security/12102010_player/en http://www.securitytracker.com/id?1024861 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-4394 – RealNetworks RealPlayer RealPix Server Header Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4394
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.5 allows remote web servers to execute arbitrary code via a long Server header in a response to an HTTP request that occurs during parsing of a RealPix file. Desbordamiento de Desbordamiento de búfer basado en montículo en RealNetworks RealPlayer v11.0 hasta v11.1 y RealPlayer SP v1.0 hasta v1.1.5, permite a servidores web remotos ejecutar codigo de su elección a través de una cabecera Server larga en respuesta a una petición HTTP que ocurre durante el parseo de un archivo RealPix. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within RealPlayer's parsing of RealPix files. If such a file contains an image tag pointing to a remote server, the player will attempt to fetch the remote file. • http://osvdb.org/69853 http://service.real.com/realplayer/security/12102010_player/en http://www.securitytracker.com/id?1024861 http://www.zerodayinitiative.com/advisories/ZDI-10-282 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-4388 – RealNetworks RealPlayer Custsupport.html Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4388
The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and consequently bypass intended Local Machine Zone restrictions and load arbitrary ActiveX controls, via unspecified vectors. Los componentes (1) Upsell.htm, (2) Main.html, y (3) Custsupport.html en RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.1.5, RealPlayer Enterprise v2.1.2 y v2.1.3, permiten a atacantes remotos inyectar código en el proceso RealOneActiveXObject y evitar las restricciones Local Machine Zone establecidas y cargar controles ActiveX de su elección a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Custsupport.html component of the RealPlayer default installation. Due to a failure to properly sanitize user-supplied input, it is possible for an attacker to inject arbitrary code into the RealOneActiveXObject process. • http://osvdb.org/69857 http://osvdb.org/69858 http://osvdb.org/69859 http://service.real.com/realplayer/security/12102010_player/en http://www.securitytracker.com/id?1024861 http://www.zerodayinitiative.com/advisories/ZDI-10-276 http://www.zerodayinitiative.com/advisories/ZDI-10-277 http://www.zerodayinitiative.com/advisories/ZDI-10-278 • CWE-20: Improper Input Validation •
CVE-2010-4392 – RealNetworks RealPlayer ImageMap Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4392
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.1.2 and 2.1.3, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via crafted ImageMap data in a RealMedia file, related to certain improper integer calculations. Desbordamiento de búfer basado en montón en RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.1.5, RealPlayer Enterprise v2.1.2 y v2.1.3, y Linux RealPlayer v11.0.2.1744, permite a atacantes remotos ejecutar código de su elección a través de datos ImageMap manipulados en un archivo RealMedia. Relacionado con algunos calculos de entero inadecuados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application decodes data for a particular mime type within a RealMedia file. • http://osvdb.org/69852 http://service.real.com/realplayer/security/12102010_player/en http://www.redhat.com/support/errata/RHSA-2010-0981.html http://www.securitytracker.com/id?1024861 http://www.zerodayinitiative.com/advisories/ZDI-10-280 https://access.redhat.com/security/cve/CVE-2010-4392 https://bugzilla.redhat.com/show_bug.cgi?id=662772 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •