CVSS: 9.3EPSS: 6%CPEs: 33EXPL: 0CVE-2012-0925 – RealNetworks RealPlayer RV40 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0925
Unspecified vulnerability in the RV40 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RV40 RealVideo video stream. Vulnerabilidad no especificada en el codec RV40 en RealNetworks RealPlayer v11.x, v14.x, v15.x, y anterior a v15.02.71, y RealPlayer SP v1.0 a v1.1.5, permite a atacantes remotos ejecutar código arbitrario a través de una secuencia de flujo de vídeo RV40 RealVideo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within the rv40.dll component for RealNetworks RealPlayer. When parsing a stream containing RV40 sample data, a value is miscalculated before being used as an offset from a base pointer address. • http://osvdb.org/78914 http://secunia.com/advisories/47896 http://service.real.com/realplayer/security/02062012_player/en http://www.securityfocus.com/bid/51887 https://exchange.xforce.ibmcloud.com/vulnerabilities/73021 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 5%CPEs: 33EXPL: 0CVE-2012-0923 – RealNetworks RealPlayer RV20 Frame Size Array Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0923
The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle the frame size array, which allows remote attackers to execute arbitrary code via a crafted RV20 RealVideo video stream. El codec RV20 en RealNetworks RealPlayer v11.x, v14.x, v15.x, y anterior a v15.02.71, y RealPlayer SP v1.0 a v1.1.5, no controla correctamente el tamaño de la matriz de marco, que permite a atacantes remotos ejecutar código arbitrario a través de una secuencia de vídeo diseñado RV20 RealVideo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a particular array contained within a Real Media file and then uses the data. When allocating and reading frame size information, the application will fail to check the bounds of how this array is used. • http://osvdb.org/78912 http://secunia.com/advisories/47896 http://service.real.com/realplayer/security/02062012_player/en http://www.securityfocus.com/bid/51884 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 1%CPEs: 38EXPL: 0CVE-2011-4245
https://notcve.org/view.php?id=CVE-2011-4245
The RealVideo renderer in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. El procesador de RealVideo en RealNetworks RealPlayer anterior a v15.0.0 y Mac RealPlayer anterior a v12.0.0.1703 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. • http://service.real.com/realplayer/security/11182011_player/en • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 3%CPEs: 38EXPL: 0CVE-2011-4256 – RealNetworks RealPlayer RV30 Uninitialized Index Value Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4256
The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown vectors. El codec RV30 en RealNetworks RealPlayer anterior a v15.0.0 y Mac RealPlayer anterior a v12.0.0.1703 no se inicializa un valor de índice especificado, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses sample data encoded with the RV30 codec. When parsing this sample data, the application will make an allocation and then fail to completely initialize the buffer. • http://service.real.com/realplayer/security/11182011_player/en • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 5%CPEs: 30EXPL: 0CVE-2011-4261 – RealNetworks RealPlayer dmp4 esds Width Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4261
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted video dimensions in an MP4 file. RealNetworks RealPlayer anterior a v15.0.0 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (heap memory corruption) a través de las dimensiones de video creadas en un archivo MP4. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the dmp4 component. If the width value is altered inside the esds atom, arithmetic instructions within RealPlayer code can result in a loop counter wrapping to a large value. • http://service.real.com/realplayer/security/11182011_player/en • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •