Lucene search
K

192 matches found

securityvulns
securityvulns
added 2005/03/02 12:0 a.m.52 views

iDEFENSE Security Advisory 03.01.05: RealNetworks RealPlayer .smil Buffer Overflow Vulnerability

RealNetworks RealPlayer .smil Buffer Overflow Vulnerability iDEFENSE Security Advisory 03.01.05 www.idefense.com/application/poi/display?id=209&type=vulnerabilities March 1, 2005 I. BACKGROUND RealPlayer is an application for playing various media formats, developed by RealNetworks Inc. For more...

5.1CVSS7.2AI score0.5399EPSS
Exploits3
CVE
CVE
added 2005/02/13 5:0 a.m.71 views

CVE-2004-1481

The CVE-2004-1481 entry describes a heap-based buffer overflow in RealNetworks RealPlayer 8–10.5 (6.0.12.1040) and RealOne Player 1–2 on Windows or macOS, caused by an integer/length field overflow in pnen3260.dll when processing SMIL/.rm files with a very large length value for the data chunk. T...

5.1CVSS8AI score0.04278EPSS
Exploits0References5Affected Software3
NVD
NVD
added 2004/12/31 5:0 a.m.21 views

CVE-2004-1798

RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language SMIL presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different...

5.1CVSS7.2AI score0.02189EPSS
Exploits1References6
NVD
NVD
added 2004/12/31 5:0 a.m.23 views

CVE-2004-1481

Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 6.0.12.1040 and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based...

5.1CVSS7.9AI score0.04278EPSS
Exploits0References5
CERT
CERT
added 2004/02/06 12:0 a.m.19 views

Multiple Real media players fail to properly validate SMIL files

Overview Multiple Real media players fail to properly validate synchronized multimedia integration language SMIL files which may permit a remote attacker to gain sensitive information. Description RealNetworks Real media players are multimedia applications that allow users to view local and remot...

6.6AI score
Exploits0References3
NVD
NVD
added 2003/10/20 4:0 a.m.19 views

CVE-2003-0726

RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag...

5.1CVSS6.8AI score0.06827EPSS
Exploits1References6
Cvelist
Cvelist
added 2003/09/03 4:0 a.m.26 views

CVE-2003-0726

RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag...

6.8AI score0.06827EPSS
Exploits1References6
CVE
CVE
added 2003/09/03 4:0 a.m.55 views

CVE-2003-0726

RealOne/RealPlayer is affected by CVE-2003-0726 through its SMIL handling, where a SMIL presentation containing a javascript: URL in an area tag can be executed in the security context of the previously loaded URL, enabling remote script execution. The vulnerability is described as a cross-site s...

5.1CVSS7AI score0.06827EPSS
Exploits1References6Affected Software3
exploitpack
exploitpack
added 2003/08/19 12:0 a.m.16 views

RealOne Player 1.02.06.0.106.0.11 - .SMIL File Script Execution

RealOne Player 1.02.06.0.106.0.11 - .SMIL File Script Execution source: https://www.securityfocus.com/bid/8453/info Real Networks has reported a vulnerability in RealOne Player. Script embedded in SMIL presentations may be executed in the context of a domain that is specified by an attacker. This...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2003/08/19 12:0 a.m.24 views

RealOne Player 1.0/2.0/6.0.10/6.0.11 - '.SMIL' File Script Execution

source: https://www.securityfocus.com/bid/8453/info Real Networks has reported a vulnerability in RealOne Player. Script embedded in SMIL presentations may be executed in the context of a domain that is specified by an attacker. This could allow for theft of cookie-based authentication credential...

7.4AI score
Exploits0
NVD
NVD
added 2002/12/11 5:0 a.m.23 views

CVE-2002-1321

Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via 1 a Synchronized Multimedia Integration Language SMIL file with a long parameter, 2 a long long filename in a rtsp:// request, e.g. from a .m3u file, or 3 certain "Now Playing" options on a...

7.5CVSS7.8AI score0.0325EPSS
Exploits0References5
CVE
CVE
added 2002/11/27 5:0 a.m.64 views

CVE-2002-1321

The CVE-2002-1321 entry concerns RealNetworks products RealOne and RealPlayer, where multiple buffer overflows can allow remote code execution. The root causes are: (1) a SMIL file with an excessively long parameter, (2) a long filename in an rtsp:// request (e.g., from a .m3u file), and (3) cert...

7.5CVSS8.2AI score0.0325EPSS
Exploits0References5Affected Software2
Rows per page
Query Builder