192 matches found
iDEFENSE Security Advisory 03.01.05: RealNetworks RealPlayer .smil Buffer Overflow Vulnerability
RealNetworks RealPlayer .smil Buffer Overflow Vulnerability iDEFENSE Security Advisory 03.01.05 www.idefense.com/application/poi/display?id=209&type=vulnerabilities March 1, 2005 I. BACKGROUND RealPlayer is an application for playing various media formats, developed by RealNetworks Inc. For more...
CVE-2004-1481
The CVE-2004-1481 entry describes a heap-based buffer overflow in RealNetworks RealPlayer 8–10.5 (6.0.12.1040) and RealOne Player 1–2 on Windows or macOS, caused by an integer/length field overflow in pnen3260.dll when processing SMIL/.rm files with a very large length value for the data chunk. T...
CVE-2004-1798
RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language SMIL presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different...
CVE-2004-1481
Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 6.0.12.1040 and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based...
Multiple Real media players fail to properly validate SMIL files
Overview Multiple Real media players fail to properly validate synchronized multimedia integration language SMIL files which may permit a remote attacker to gain sensitive information. Description RealNetworks Real media players are multimedia applications that allow users to view local and remot...
CVE-2003-0726
RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag...
CVE-2003-0726
RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag...
CVE-2003-0726
RealOne/RealPlayer is affected by CVE-2003-0726 through its SMIL handling, where a SMIL presentation containing a javascript: URL in an area tag can be executed in the security context of the previously loaded URL, enabling remote script execution. The vulnerability is described as a cross-site s...
RealOne Player 1.02.06.0.106.0.11 - .SMIL File Script Execution
RealOne Player 1.02.06.0.106.0.11 - .SMIL File Script Execution source: https://www.securityfocus.com/bid/8453/info Real Networks has reported a vulnerability in RealOne Player. Script embedded in SMIL presentations may be executed in the context of a domain that is specified by an attacker. This...
RealOne Player 1.0/2.0/6.0.10/6.0.11 - '.SMIL' File Script Execution
source: https://www.securityfocus.com/bid/8453/info Real Networks has reported a vulnerability in RealOne Player. Script embedded in SMIL presentations may be executed in the context of a domain that is specified by an attacker. This could allow for theft of cookie-based authentication credential...
CVE-2002-1321
Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via 1 a Synchronized Multimedia Integration Language SMIL file with a long parameter, 2 a long long filename in a rtsp:// request, e.g. from a .m3u file, or 3 certain "Now Playing" options on a...
CVE-2002-1321
The CVE-2002-1321 entry concerns RealNetworks products RealOne and RealPlayer, where multiple buffer overflows can allow remote code execution. The root causes are: (1) a SMIL file with an excessively long parameter, (2) a long filename in an rtsp:// request (e.g., from a .m3u file), and (3) cert...