CVSS: 10.0EPSS: 1%CPEs: 24EXPL: 0CVE-2011-2953
https://notcve.org/view.php?id=CVE-2011-2953
An unspecified ActiveX control in the browser plugin in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors, related to an out-of-bounds condition. Un control ActiveX no especificado en el plugin para los navegadores de RealNetworks RealPlayer v11.0 a v11.1 y v14.0.0 a v14.0.5, y RealPlayer SP v1.0 a v1.1.5, y RealPlayer Enterprise v2.0 a v2.1.5 permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos, relacionados con una situación de acceso a datos fuera de rango. • http://service.real.com/realplayer/security/08162011_player/en http://www.securitytracker.com/id?1025943 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 24EXPL: 0CVE-2011-2955
https://notcve.org/view.php?id=CVE-2011-2955
Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via vectors related to a modal dialog. Vulnerabilidad de uso después de liberación en RealNetworks RealPlayer v11.0 hasta la v11.1 y v14.0.0 hasta la v14.0.5, RealPlayer SP 1.0 a v1.1.5, y RealPlayer Enterprise v2.0 a v2.1.5, cuando se utiliza el RealPlayer incrustado en otras aplicaciones, permite a atacantes remotos ejecutar código de su elección a través de vectores relacionados con un diálogo modal. • http://service.real.com/realplayer/security/08162011_player/en http://www.securitytracker.com/id?1025943 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 17%CPEs: 24EXPL: 0CVE-2011-2948 – RealNetworks RealPlayer SWF DefineFont Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2948
RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.0 through 2.1.5, and Mac RealPlayer 12.0.0.1569 do not properly handle DEFINEFONT fields in SWF files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted file. RealNetworks RealPlayer v11.0 a v11.1 y v14.0.0 a v14.0.5, RealPlayer SP v1.0 a v1.1.5, RealPlayer Enterprise v2.0 a v2.1.5 y Mac RealPlayer v12.0.0.1569 no gestionan adecuadamente los campos DEFINEFONT en los archivos SWF, lo que permite ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria heap) a atacantes remotos a través de un archivo debidamente modificado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles DEFINEFONT fields in Flash Files. When the process parses corrupt a ShapeRecord with the DefineFont record it reads outside a stack buffer and uses a random stack value as a heap pointer. • http://service.real.com/realplayer/security/08162011_player/en http://www.securitytracker.com/id?1025943 http://zerodayinitiative.com/advisories/ZDI-11-268 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 23%CPEs: 23EXPL: 0CVE-2011-2949 – RealNetworks Realplayer MP3 ID3 tags Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2949
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via crafted ID3v2 tags in an MP3 file. Una vulnerabilidad de desbordamiento de buffer basado en memoria dinámica (heap) en RealNetworks RealPlayer v11.0 a v11.1 y v14.0.0 a v14.0.5, RealPlayer SP v1.0 a v1.1.5, y RealPlayer Enterprise v2.0 a v2.1.5 permite a atacantes remotos ejecutar código de su elección a través de etiquetas ID3v2 debidamente modificadas en un archivo MP3. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles ID3v2 Tags. RealPlayer creates a fixed size buffer for certain tags and will then populate them with the data from the file. • http://service.real.com/realplayer/security/08162011_player/en http://www.securitytracker.com/id?1025943 http://zerodayinitiative.com/advisories/ZDI-11-267 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 39%CPEs: 24EXPL: 4CVE-2011-1525 – RealPlayer 14.0.1.633 - Heap Overflow
https://notcve.org/view.php?id=CVE-2011-1525
Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted frame in an Internet Video Recording (IVR) file. Desbordamiento de búfer en la región heap de la memoria en la biblioteca rvrender.dll en RealPlayer versiones 11.0 hasta 11.1 y versiones 14.0.0 hasta 14.0.2, y RealPlayer SP versiones 1.0 hasta 1.1.5, de RealNetworks, permite a atacantes remotos ejecutar código arbitrario por medio de una trama especialmente diseñada en un archivo de Internet Video Recording ( IVR). • https://www.exploit-db.com/exploits/17019 http://aluigi.org/adv/real_5-adv.txt http://osvdb.org/71260 http://secunia.com/advisories/43847 http://securityreason.com/securityalert/8181 http://service.real.com/realplayer/security/04122011_player/en http://www.exploit-db.com/exploits/17019 http://www.securityfocus.com/archive/1/517083/100/0/threaded http://www.securityfocus.com/bid/46946 http://www.securitytracker.com/id?1025245 https://exchange.xforce.ibmcloud.com/vulnerabili • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •