Page 9 of 116 results (0.013 seconds)

CVSS: 10.0EPSS: 2%CPEs: 30EXPL: 0

Heap-based buffer overflow in the RealVideo renderer in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en memoria dinámica en el procesador de RealVideo en RealNetworks RealPlayer anterior a v15.0.0 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • http://service.real.com/realplayer/security/11182011_player/en • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 3%CPEs: 30EXPL: 0

RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted RTSP SETUP request. RealNetworks RealPlayer anterior a v15.0.0 permite a atacantes remotos ejecutar código arbitrario a través de una solicitud de configuración creado RTSP. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to the application mishandling an error that occurs when parsing an RTSP SETUP request. When an error occurs, the application will free a pointer to a linked list due to the stream being closed. • http://service.real.com/realplayer/security/11182011_player/en • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0EPSS: 3%CPEs: 38EXPL: 0

Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via an invalid codec name. Vulnerabilidad no especificada en RealNetworks RealPlayer anterior a v15.0.0 y Mac RealPlayer anterior a v12.0.0.1703 permite a atacantes remotos ejecutar código arbitrario mediante un nombre de codec no válido. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when a user attempts to play a malicious video file containing a malformed codec name. When playing a malformed codec, the application will incorrectly free an object and then later attempt to use it by calling a virtual method pointer upon destruction. • http://service.real.com/realplayer/security/11182011_player/en •

CVSS: 9.3EPSS: 2%CPEs: 30EXPL: 0

RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted QCELP stream. RealNetworks RealPlayer anterior a v15.0.0 permite a atacantes remotos ejecutar código arbitrario a través de una corriente QCELP. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles audio encoded with the QCELP codec. The codec allows you to specify the 'block_size' that is used. • http://service.real.com/realplayer/security/11182011_player/en • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0

Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document, a different vulnerability than CVE-2011-2947. Vulnerabilidad de scripting a través de zonas (cross-zone scripting) en el control ActiveX RealPlayer de RealNetworks RealPlayer 11.0 hasta la 11.1 y 14.0.0 hasta la 14.0.5, RealPlayer SP 1.0 hasta la 1.1.5, y RealPlayer Enterprise 2.0 hasta la 2.1.5. Permite a atacantes remotos inyectar código script web arbitrario o HTML en la zona local a través de un documento HTML. Una vulnerabilidad distinta a la CVE-2011-2947. • http://service.real.com/realplayer/security/08162011_player/en • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •