1046 matches found
RealNetworks RealPlayer CDDA URI Uninitialized Pointer Code Execution
Added: 10/22/2010 CVE: CVE-2010-3747 BID: 44144 OSVDB: 68673 Background RealPlayer and RealOne Player include a number of ActiveX controls allowing functions to be called by scripts embedded in web pages. Problem CDDA cdda:// is a protocol used to locate media files on Compact Disc Digital Audio...
CVE-2010-3747
An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during parsing of a CDDA URI, which allows remote attackers to execute arbitrary code or cause a denial of...
CVE-2010-2998
Array index error in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.0.1 allows remote attackers to execute arbitrary code via malformed sample data in a RealMedia .IVR file, related to a "malformed IVR pointer index" issue...
CVE-2010-2578
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via a crafted QCP file...
CVE-2010-3750
rjrmrpln.dll in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly validate file contents that are used during interaction with a heap buffer, which allows remote attackers to execute arbitrary code via crafted Name Value...
CVE-2010-3749
The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a "...
CVE-2010-3751
Multiple heap-based buffer overflows in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 allow remote attackers to execute arbitrary code via a long .smil argument to the 1 tfile, 2 pnmm, or 3 cdda protocol handler...
Heap overflow
rjrmrpln.dll in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly validate file contents that are used during interaction with a heap buffer, which allows remote attackers to execute arbitrary code via crafted Name Value...
DSquare Exploit Pack: D2SEC_CDDAURI
Name| d2seccddauri ---|--- CVE| CVE-2010-3747 Exploit Pack| D2ExploitPack Description| RealNetworks RealPlayer ActiveX CDDA URI Uninitialized Pointer Remote Code Execution Vulnerability Notes|...
Stack overflow
Stack-based buffer overflow in the RichFX component in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via unknown vectors...
Heap overflow
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via a crafted QCP file...
DSquare Exploit Pack: D2SEC_RECORDCLIP
Name| d2secrecordclip ---|--- CVE| CVE-2010-3749 Exploit Pack| D2ExploitPack Description| RealNetworks Realplayer RecordClip Parameter Injection Remote Code Execution Vulnerability Notes|...
Design/Logic Flaw
The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a "...
Heap overflow
Multiple heap-based buffer overflows in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 allow remote attackers to execute arbitrary code via a long .smil argument to the 1 tfile, 2 pnmm, or 3 cdda protocol handler...
CVE-2010-2578
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via a crafted QCP file...
CVE-2010-3748
Stack-based buffer overflow in the RichFX component in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 allows remote attackers to have an unspecified impact via unknown vectors...
CVE-2010-2578
CVE-2010-2578 is a heap-based buffer overflow in RealNetworks RealPlayer 11.0–11.1, RealPlayer SP 1.0–1.1.4, and RealPlayer Enterprise 2.1.2 that can be exploited by a crafted QCP file to cause an unspecified impact. Multiple connected sources corroborate the vulnerability, including CVE records ...
CVE-2010-2998
CVE-2010-2998 : RealNetworks RealPlayer (Windows) is affected by an array index error in parsing RealMedia IVR data, leading to remote code execution. Impact: arbitrary code could be run in the context of the logged-in user when a vulnerable RealPlayer instance processes a malformed IVR file. Aff...
CVE-2010-2998
Array index error in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.0.1 allows remote attackers to execute arbitrary code via malformed sample data in a RealMedia .IVR file, related to a "malformed IVR pointer index" issue...
CVE-2010-3749
The browser-plugin implementation in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1 allows remote attackers to arguments to the RecordClip method, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a "...