CVSS: 10.0EPSS: 2%CPEs: 30EXPL: 0CVE-2011-4244
https://notcve.org/view.php?id=CVE-2011-4244
Heap-based buffer overflow in the RealVideo renderer in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en memoria dinámica en el procesador de RealVideo en RealNetworks RealPlayer anterior a v15.0.0 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • http://service.real.com/realplayer/security/11182011_player/en • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 3%CPEs: 30EXPL: 0CVE-2011-4254 – RealNetworks RealPlayer RTSP SETUP Request Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4254
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted RTSP SETUP request. RealNetworks RealPlayer anterior a v15.0.0 permite a atacantes remotos ejecutar código arbitrario a través de una solicitud de configuración creado RTSP. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to the application mishandling an error that occurs when parsing an RTSP SETUP request. When an error occurs, the application will free a pointer to a linked list due to the stream being closed. • http://service.real.com/realplayer/security/11182011_player/en • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 3%CPEs: 38EXPL: 0CVE-2011-4255 – RealNetworks RealPlayer Invalid Codec Name Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4255
Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via an invalid codec name. Vulnerabilidad no especificada en RealNetworks RealPlayer anterior a v15.0.0 y Mac RealPlayer anterior a v12.0.0.1703 permite a atacantes remotos ejecutar código arbitrario mediante un nombre de codec no válido. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when a user attempts to play a malicious video file containing a malformed codec name. When playing a malformed codec, the application will incorrectly free an object and then later attempt to use it by calling a virtual method pointer upon destruction. • http://service.real.com/realplayer/security/11182011_player/en •
CVSS: 9.3EPSS: 2%CPEs: 30EXPL: 0CVE-2011-4247 – RealNetworks RealPlayer QCELP Stream Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-4247
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted QCELP stream. RealNetworks RealPlayer anterior a v15.0.0 permite a atacantes remotos ejecutar código arbitrario a través de una corriente QCELP. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles audio encoded with the QCELP codec. The codec allows you to specify the 'block_size' that is used. • http://service.real.com/realplayer/security/11182011_player/en • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0CVE-2011-1221
https://notcve.org/view.php?id=CVE-2011-1221
Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document, a different vulnerability than CVE-2011-2947. Vulnerabilidad de scripting a través de zonas (cross-zone scripting) en el control ActiveX RealPlayer de RealNetworks RealPlayer 11.0 hasta la 11.1 y 14.0.0 hasta la 14.0.5, RealPlayer SP 1.0 hasta la 1.1.5, y RealPlayer Enterprise 2.0 hasta la 2.1.5. Permite a atacantes remotos inyectar código script web arbitrario o HTML en la zona local a través de un documento HTML. Una vulnerabilidad distinta a la CVE-2011-2947. • http://service.real.com/realplayer/security/08162011_player/en • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •