RealNetworks RealPlayer RMP File Heap Buffer Overflow (CVE-2013-6877)

A heap buffer overflow exists in RealNetworks RealPlayer. The vulnerability is due an error when handling RMP files, overly long values for certain tags can result in a heap buffer overflow. A remote unauthenticated attacker could exploit this vulnerability by enticing a user to open a crafted RM...

Stack overflow

Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long 1 version number or 2 encoding declaration in the XML declaration of an RMP file, a different issue than...

RealPlayer RMP File Version Attribute Buffer Overflow

Added: 12/27/2013 CVE: CVE-2013-6877 BID: 64398 OSVDB: 101356 Background RealNetworks RealPlayer includes an embedded player which plays media embedded in a web page. Problem RealNetworks Windows RealPlayer 17.0.2.206 and earlier versions are vulnerable to remote code execution due to improper...

RealPlayer RMP File Version Attribute Buffer Overflow

Added: 12/27/2013 CVE: CVE-2013-6877 BID: 64398 OSVDB: 101356 Background RealNetworks RealPlayer includes an embedded player which plays media embedded in a web page. Problem RealNetworks Windows RealPlayer 17.0.2.206 and earlier versions are vulnerable to remote code execution due to improper...

RealNetworks RealPlayer Version Attribute Buffer Overflow

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'RealNetworks RealPlayer Version Attribute Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow...

RealPlayer Heap-Based Buffer Overflow

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ RealPlayer Heap-based Buffer Overflow Vulnerability 1. Advisory Information Title: RealPlayer Heap-based Buffer Overflow Vulnerability Advisory ID: CORE-2013-0903 Advisory URL:...

Heap overflow

Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allows remote attackers to execute arbitrary code via a long string in the TRACKID element of an RMP file, a different vulnerability than CVE-2013-7260...

CVE-2013-6877

RealPlayer is affected by two CVEs related to RMP file parsing. CVE-2013-6877 is a heap-based overflow triggered by a long TRACKID in an RMP file, enabling arbitrary code execution on Windows (before 17.0.4.61) and macOS (before 12.0.1.1738). CVE-2013-7260 covers multiple stack-based overflows fr...

CVE-2013-6877

Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allows remote attackers to execute arbitrary code via a long string in the TRACKID element of an RMP file, a different vulnerability than CVE-2013-7260...

CVE-2013-4973

Stack-based buffer overflow in RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted .rmp file...

CVE-2013-4973

Stack-based buffer overflow in RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted .rmp file...

RealPlayer '.rmp'文件远程缓冲区溢出漏洞

Bugtraq ID: 47039 RealNetworks RealPlayer是一款流行的媒体播放程序。 RealNetworks RealPlayer不正确处理'.rmp'文件，远程攻击者可以构建恶意文件，诱使用户解析，触发缓冲区溢出，成功利用漏洞可以以应用程序安全上下文执行任意代码。 Real Networks RealPlayer 11 目前没有详细解决方案提供： http://www.real.com/ !/usr/bin/perl Title : RealPlayer v11.0 .rmp Buffer Overflow Author : KedAns-Dz E-mail ...

CVE-2005-0190

Directory traversal vulnerability in RealPlayer 10.5 6.0.12.1040 and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages RMP file with a FILENAME tag containing .. dot dot sequences in a filename that ends with a ? question mark and an allowed file extension e.g...

CVE-2004-0273

CVE-2004-0273 describes a directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop. An attacker can upload arbitrary files via an RMP file containing .. sequences in a .rjs skin file, enabling remote unauthorized file placement. Affected products are...

Directory traversal in RealPlayer allows code execution

OVERVIEW ======== RealPlayer is a popular multimedia player developed by RealNetworks. One of its features are RMP files, RealJukebox Metadata Packages. These are XML formatted files which may contain e.g. playlists, references to skin files .rjs, and information about related web pages. A...