CVE-2005-3677

CVE-2005-3677 describes a buffer overflow in RealNetworks RealPlayer 10/10.5 triggered by a crafted image in a RealPlayer Skin (RJS) file, allowing remote code execution. The description notes that details are sparse and it is unclear how this differs from CVE-2005-2629 and CVE-2005-2630, but ven...

CVE-2005-2629

CVE-2005-2629 describes an integer/stack-based overflow in RealNetworks RealPlayer (versions 8, 10, 10.5), RealOne Player (1–2), and Helix Player 10.0.0 that can be triggered by a malformed .rm file with a large length field in the first data packet, allowing remote code execution. The vulnerabil...

CVE-2005-3677

Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote attackers to execute arbitrary code via a crafted image in a RealPlayer Skin RJS file. NOTE: due to the lack of details, it is unclear how this is different than CVE-2005-2629 and CVE-2005-2630, but the vendor advisory implies...

CVE-2005-2629

Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, which leads to a stack-based buffer overflow, a...

CVE-2005-2936

CVE-2005-2936 is an unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 and RealPlayer 10/RealOne Player lines (versions 6.0.12.1040–6.0.12.1348; Pre-20060322 RealPlayer 8; RealOne Player v1/v2), which could allow a local user to gain privileges by placing a malicious C:\pr...

CVE-2005-2936

Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might allow local users to gain privileges via a malicious C:\program.exe file...

CVE-2005-2936

Unquoted Windows search path vulnerability in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, and RealPlayer 8 before 20060322 might allow local users to gain privileges via a malicious C:\program.exe file...

iDEFENSE Security Advisory 11.15.05: Multiple Vendor Insecure Call to CreateProcess() Vulnerability

Multiple Vendor Insecure Call to CreateProcess Vulnerability iDEFENSE Security Advisory 11.15.05 www.idefense.com/application/poi/display?id=340&type=vulnerabilities November 15, 2005 I. BACKGROUND The Microsoft Windows API includes the CreateProcess function as a means to create a new process an...

[EEYEB-20050701] - RealPlayer Zipped Skin File Buffer Overflow II

RealPlayer Zipped Skin File Buffer Overflow II Release Date: November 10, 2005 Date Reported: June 26, 2005 Severity: High Code Execution Vendor: RealNetworks Systems Affected: Windows: RealPlayer 10.5 6.0.12.1040-1235 RealPlayer 10 RealOne Player v2 RealOne Player v1 RealPlayer 8 Overview: eEye...

[EEYEB-20050510] - RealPlayer Data Packet Stack Overflow

RealPlayer Data Packet Stack Overflow Release Date: November 10, 2005 Date Reported: May 28, 2005 Severity: High Remote Code Execution Vendor: RealNetworks Systems Affected: Windows: RealPlayer 10.5 6.0.12.1040-1235 RealPlayer 10 RealOne Player v2 RealOne Player v1 RealPlayer 8 RealPlayer...

RealNetworks RealOne PlayerRealPlayer - .RM Local Stack Buffer Overflow

RealNetworks RealOne PlayerRealPlayer - .RM Local Stack Buffer Overflow / source: https://www.securityfocus.com/bid/15381/info RealNetworks RealPlayer and RealOne Player are reported prone to a remote stack-based buffer-overflow vulnerability. The applications fail to perform boundary checks when...

security flaw

Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service crash and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP...

RealNetworks RealPlayer AVI Parsing Buffer Overflow (CAN-2005-2052)

...

FreeBSD : libxine -- multiple buffer overflows in RTSP (1b70bef4-649f-11d9-a30e-000a95bc6fae)

A xine security announcement states : Multiple vulnerabilities have been found and fixed in the Real-Time Streaming Protocol RTSP client for RealNetworks servers, including a series of potentially remotely exploitable buffer overflows. This is a joint advisory by the MPlayer and xine teams as the...

[VulnWatch] iDEFENSE Security Advisory 06.23.05: RealNetworks RealPlayer RealText Parsing Heap Overflow Vulnerability

RealNetworks RealPlayer RealText Parsing Heap Overflow Vulnerability iDEFENSE Security Advisory 06.23.05 www.idefense.com/application/poi/display?id=250&type=vulnerabilities June 23, 2005 I. BACKGROUND RealPlayer is an application for playing various media formats, developed by RealNetworks Inc...

[VulnWatch] eEye Advisory - EEYEB-200505 - RealPlayer AVI Processing Overflow

RealPlayer vidplin.dll AVI Processing Heap Overflow Release Date: June 23, 2005 Date Reported: May 4, 2005 Patch Development Time In Days: 36 Severity: High Code Execution Vendor: RealNetworks Systems Affected: For Microsoft Windows RealPlayer 10.5 6.0.12.1040-1069 RealPlayer 10 RealOne Player v2...

Rhapsody Detection

Rhapsody is installed on the remote Windows host. Rhapsody is a music service and media player from RealNetworks. Make sure the use of this program fits with your corporate security policy. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid18559; scriptversion"1.12";...

linux-realplayer -- RealText parsing heap overflow

An iDEFENSE Security Advisory reports: Remote exploitation of a heap-based buffer overflow vulnerability in the RealText file format parser within various versions of RealNetworks Inc.'s RealPlayer could allow attackers to execute arbitrary code...

CVE-2005-0611

Heap-based buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1056 and earlier, 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files...

CVE-2005-0455

Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 6.0.12.1056 and earlier, 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value...