CVE-2011-4255

CVE-2011-4255 affects RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703. A vulnerability in processing an invalid codec name could allow remote code execution. The advisory indicates exploitation requires user interaction (visiting a malicious page or opening a crafted f...

CVE-2011-4253

CVE-2011-4253 affects RealNetworks RealPlayer (RV20 decoding) on Windows and Mac. The vulnerability stems from how RV20 sample data is allocated and partially filled, leading to using uninitialized data as an index, enabling remote code execution under RealPlayer’s process. Exploitation requires ...

CVE-2011-4252

CVE-2011-4252 affects RealNetworks RealPlayer (Windows and Mac) where the RV10 codec parses a height value from a RealVideo object. The flaw allows memory corruption and remote code execution if a user opens a crafted sample or visits a malicious page. Public details indicate exploitation require...

CVE-2011-4256

CVE-2011-4256 affects RealNetworks RealPlayer (RV30 codec). The vulnerability occurs when parsing RV30 samples: the code allocates a buffer then fails to fully initialize it and improperly trusts an index from the partially filled buffer, enabling memory corruption that can lead to remote code ex...

CVE-2011-4257

The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via crafted channel data...

CVE-2011-4255

Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via an invalid codec name...

CVE-2011-4249

RealPlayer (Windows) before 15.0.0 is affected by CVE-2011-4249 due to an array index error in the RV30 codec during parsing of RV30 data, enabling remote code execution. ZDI notes the flaw allows code execution on vulnerable installations and requires user interaction (visiting a malicious page ...

CVE-2011-4250

CVE-2011-4250 affects RealNetworks RealPlayer (Windows <15.0.0; Mac

CVE-2011-4246

The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors...

CVE-2011-4256

The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown vectors...

CVE-2011-4246

The CVE-2011-4246 entry concerns the AAC codec in RealNetworks RealPlayer prior to 15.0.0 and Mac RealPlayer prior to 12.0.0.1703. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Connected sources confirm RealPlayer vu...

ZDI-11-304 : Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulnerability

ZDI-11-304 : Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-304 October 26, 2011 -- CVE ID: CVE-2011-3252 -- CVSS: 8.3, AV:N/AC:M/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple...

Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. Authentication is not required to exploit this vulnerability. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...

Adobe Flash Player Speex Codec Buffer Underflow (ASBP11-26; CVE-2011-2130)

A buffer underflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient input validation by the application. A remote attacker may exploit this vulnerability by enticing an affected user to open a malicious web-page. Successful exploitation will allow an...

[SECURITY] Fedora 16 Update: libvpx-0.9.7.1-1.fc16

libvpx provides the VP8 SDK, which allows you to integrate your applications with the VP8 video codec, a high quality, royalty free, open source codec deployed on millions of computers and devices worldwide...

Code injection

The SIP process in Cisco Unified Communications Manager aka CUCM, formerly CallManager 7.x before 7.15bsu4 and 8.x before 8.01 does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a Media Termination Point MTP, which allows remote...

CVE-2011-2561

The SIP process in Cisco Unified Communications Manager aka CUCM, formerly CallManager 7.x before 7.15bsu4 and 8.x before 8.01 does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a Media Termination Point MTP, which allows remote...

Apple QuickTime STSC atom Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktim...

Get Your New Video Codecs–and Scareware

Scareware gangs have been using pretty much the same tactics since the dawn of time. Or at least since 2005. They compromise Web sites, use them as jumping off points for pop-up boxes that aim to terrify the citizenry into thinking their PCs are infected and downloading fake security software. Bu...

Integer overflow in foobar2000 1.1.7

Luigi Auriemma Application: foobar2000 http://www.foobar2000.org Versions: = 1.1.7 Platforms: Windows Bug: integer overflow Date: 03 Jul 2011 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction 2 Bug 3 The Code 4 Fix =============== 1 Introduction ===============...