RealNetworks RealPlayer QCP Parsing Buffer Overflow (CVE-2011-2950)

A code execution vulnerability has been reported in RealNetworks RealPlayer. The vulnerability is due to insufficient bounds checking while parsing .qcp files. A remote attacker may exploit this vulnerability by enticing a user to open a specially crafted .qcp file with an affected version of...

Cross site scripting

Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zon...

CVE-2011-1221

CVE-2011-1221 is a cross-zone scripting vulnerability in the RealPlayer ActiveX control affecting RealPlayer 11.0–11.1, 14.0.0–14.0.5; RealPlayer SP 1.0–1.1.5; and RealPlayer Enterprise 2.0–2.1.5. The issue allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a loc...

RealNetworks Realplayer QCP Parsing Heap Overflow

$Id: realplayerqcp.rb 13745 2011-09-17 06:48:33Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...

RealNetworks Realplayer QCP Parsing Heap Overflow

Exploit for windows platform in category remote exploits $Id: realplayerqcp.rb 13745 2011-09-17 06:48:33Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on...

RealNetworks RealPlayer QCP Parsing

Added: 09/12/2011 CVE: CVE-2011-2950 BID: 49172 OSVDB: 74549 Background RealPlayer is a media player application which can play back various multimedia file formats, including QCP audio files. The QCP file format is frequently used to provide ring tones and to record voice for cellular telephones...

RealNetworks RealPlayer QCP Parsing

Added: 09/12/2011 CVE: CVE-2011-2950 BID: 49172 OSVDB: 74549 Background RealPlayer is a media player application which can play back various multimedia file formats, including QCP audio files. The QCP file format is frequently used to provide ring tones and to record voice for cellular telephones...

RealNetworks RealPlayer Multiple Vulnerabilities - Mac OS X

RealPlayer is prone to multiple vulnerabilities SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RealNetworks RealPlayer Multiple Vulnerabilities (Aug 2011) - Windows

RealPlayer is prone to multiple vulnerabilities SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RealNetworks RealPlayer Detection (Mac OS X SSH Login)

Detects the installed version of RealPlayer on MAC. The script logs in via ssh, gets the version by using a command and set it in the KB item. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

Real Networks RealPlayer(CVE-2011-2953) ActiveX控件越界远程代码执行漏洞

Bugtraq ID: 49200 CVE ID：CVE-2011-2953 RealNetworks RealPlayer是一款流行的媒体播放程序 RealNetworks RealPlayer ActiveX控件存在一个越界安全漏洞，攻击者构建恶意WEB页，诱使用户解析，可以应用程序上下文执行任意代码。目前没有详细漏洞细节提供 0 Real Networks RealPlayer SP 1.0.5 Real Networks RealPlayer SP 1.0.2 Real Networks RealPlayer SP 1.0.1 Real Networks RealPlayer S...

CVE-2011-2951

Buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.0.0.1569 allows remote attackers to execute arbitrary code via a crafted rawdataframe field in an AAC file...

CVE-2011-2954

Use-after-free vulnerability in the AutoUpdate feature in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via unspecified vectors...

CVE-2011-2953

An unspecified ActiveX control in the browser plugin in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors, related to an...

CVE-2011-2955

Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via vectors related to a modal...

CVE-2011-2952

Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via vectors related to a dialog box...

CVE-2011-2952

Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via vectors related to a dialog box...

Design/Logic Flaw

Use-after-free vulnerability in the AutoUpdate feature in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via unspecified vectors...

Design/Logic Flaw

Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via vectors related to a dialog box...

Heap overflow

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via crafted ID3v2 tags in an MP3 file...