«
Expand/Collapse
221 items tagged "realplayer"
Related tags:
poc [+],
exploits [+],
corruption [+],
buffer [+],
cook [+],
buffer overflow [+],
based buffer overflow [+],
audio content [+],
proof of concept [+],
code execution [+],
windows xp sp3 [+],
s system [+],
realplayer application [+],
handling [+],
day [+],
arbitrary code execution [+],
realnetworks [+],
spectral data [+],
realplayer activex control [+],
qcp [+],
overflow vulnerability [+],
integer overflow [+],
browser [+],
vulnerability [+],
uri initialization [+],
stack buffer [+],
spectral [+],
sound [+],
research [+],
realmedia [+],
realaudio content [+],
local buffer overflow [+],
ivr [+],
integer overflow vulnerability [+],
idefense [+],
html component [+],
frame size [+],
flv [+],
cve [+],
cdda [+],
aac file [+],
code [+],
safer use [+],
x code [+],
width [+],
watchfolders [+],
watch folders [+],
user [+],
uri [+],
uninitialised memory [+],
security vulnerabilities [+],
remote [+],
realnetworks inc [+],
real networks inc [+],
qcp file [+],
protocol handlers [+],
overflow errors [+],
overflow error [+],
object initialization [+],
memory copy [+],
loop condition [+],
loop [+],
internal browser [+],
injection bug [+],
initialization [+],
exploit [+],
execution [+],
data frame [+],
channel [+],
buffer overflow exploit [+],
avi [+],
audio [+],
active x [+],
aac files [+],
3g2 files [+],
uri uninitialized [+],
uninitialized pointer [+],
stack [+],
security [+],
pdf [+],
object index [+],
null pointer [+],
navigatetourl [+],
multiple buffer overflow [+],
moaub [+],
malicious website [+],
malicious attacker [+],
malformed [+],
local [+],
issue [+],
index code [+],
idefense security advisory [+],
heap memory [+],
heap corruption [+],
buffer overflow vulnerabilities [+],
avi file [+],
access violation [+],
Bugs [+],
real [+],
networks [+],
real networks [+],
arbitrary code [+],
realplayer user [+],
zone [+],
writeav [+],
variable length fields [+],
v11 [+],
uninitialized [+],
txt [+],
swf [+],
stack overflow [+],
smil [+],
skin [+],
sipr [+],
sample [+],
rvrender [+],
rmp [+],
retired [+],
remote buffer overflow vulnerability [+],
remote buffer overflow [+],
realplayer version [+],
realnetwork [+],
realaudio [+],
raac [+],
qcelp [+],
player skins [+],
parsing [+],
overflow code [+],
mpg [+],
invalid [+],
integer division [+],
input validation [+],
imagemap code [+],
html [+],
header code [+],
hash [+],
gif [+],
genr [+],
frame dimensions [+],
dmp [+],
data [+],
control [+],
chunk [+],
avi parsing [+],
atrc [+],
asmrulebook [+],
arender [+],
arbitrary [+],
advanced audio coding [+],
advanced [+],
activex control [+],
activex [+],
overflow [+],
zdi [+],
realnetworks realplayer [+],
memory corruption [+],
heap [+],
memory [+],
buffer overflow vulnerability [+],
zero [+],
vulnerability research [+],
realplayer versions [+],
critical vulnerability [+],
bugtraq [+],
target [+],
secunia [+],
file [+],
aac [+]
-
-
19:42
»
Packet Storm Security Exploits
This Metasploit module exploits a stack based buffer overflow on RealPlayer versions 15.0.6.14 and below. The vulnerability exists in the handling of real media files, due to the insecure usage of the GetPrivateProfileString function to retrieve the URL property from an InternetShortcut section. This Metasploit module generates a malicious rm file which must be opened with RealPlayer via drag and drop or double click methods. It has been tested successfully on Windows XP SP3 with RealPlayer 15.0.5.109.
-
19:42
»
Packet Storm Security Exploits
This Metasploit module exploits a stack based buffer overflow on RealPlayer versions 15.0.6.14 and below. The vulnerability exists in the handling of real media files, due to the insecure usage of the GetPrivateProfileString function to retrieve the URL property from an InternetShortcut section. This Metasploit module generates a malicious rm file which must be opened with RealPlayer via drag and drop or double click methods. It has been tested successfully on Windows XP SP3 with RealPlayer 15.0.5.109.
-
19:42
»
Packet Storm Security Recent Files
This Metasploit module exploits a stack based buffer overflow on RealPlayer versions 15.0.6.14 and below. The vulnerability exists in the handling of real media files, due to the insecure usage of the GetPrivateProfileString function to retrieve the URL property from an InternetShortcut section. This Metasploit module generates a malicious rm file which must be opened with RealPlayer via drag and drop or double click methods. It has been tested successfully on Windows XP SP3 with RealPlayer 15.0.5.109.
-
19:42
»
Packet Storm Security Recent Files
This Metasploit module exploits a stack based buffer overflow on RealPlayer versions 15.0.6.14 and below. The vulnerability exists in the handling of real media files, due to the insecure usage of the GetPrivateProfileString function to retrieve the URL property from an InternetShortcut section. This Metasploit module generates a malicious rm file which must be opened with RealPlayer via drag and drop or double click methods. It has been tested successfully on Windows XP SP3 with RealPlayer 15.0.5.109.
-
19:42
»
Packet Storm Security Misc. Files
This Metasploit module exploits a stack based buffer overflow on RealPlayer versions 15.0.6.14 and below. The vulnerability exists in the handling of real media files, due to the insecure usage of the GetPrivateProfileString function to retrieve the URL property from an InternetShortcut section. This Metasploit module generates a malicious rm file which must be opened with RealPlayer via drag and drop or double click methods. It has been tested successfully on Windows XP SP3 with RealPlayer 15.0.5.109.
-
19:42
»
Packet Storm Security Misc. Files
This Metasploit module exploits a stack based buffer overflow on RealPlayer versions 15.0.6.14 and below. The vulnerability exists in the handling of real media files, due to the insecure usage of the GetPrivateProfileString function to retrieve the URL property from an InternetShortcut section. This Metasploit module generates a malicious rm file which must be opened with RealPlayer via drag and drop or double click methods. It has been tested successfully on Windows XP SP3 with RealPlayer 15.0.5.109.
-
-
16:00
»
SecuriTeam
Real Networks RealPlayer is prone to an arbitrary code-execution vulnerability.
-
-
16:00
»
SecuriTeam
Real Networks RealPlayer is prone to a remote stack-based buffer-overflow vulnerability.
-
-
16:29
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
16:29
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
16:24
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
10:24
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
11:34
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
17:44
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
17:39
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
15:38
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-332 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. AUser interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPLayer handles AAC files. When parsing an AAC file, Realplayer will create buffers based on the type of Channel it finds in the first frame. When the AAC starts with a Single channel in the first frame, and then changes to a channel pair in the following frame, Realplayer fails to update the buffer size for the channel data. The buffer overwrite that follows could result in remote code execution under the context of the current user.
-
15:38
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-332 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. AUser interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPLayer handles AAC files. When parsing an AAC file, Realplayer will create buffers based on the type of Channel it finds in the first frame. When the AAC starts with a Single channel in the first frame, and then changes to a channel pair in the following frame, Realplayer fails to update the buffer size for the channel data. The buffer overwrite that follows could result in remote code execution under the context of the current user.
-
15:38
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-332 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. AUser interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPLayer handles AAC files. When parsing an AAC file, Realplayer will create buffers based on the type of Channel it finds in the first frame. When the AAC starts with a Single channel in the first frame, and then changes to a channel pair in the following frame, Realplayer fails to update the buffer size for the channel data. The buffer overwrite that follows could result in remote code execution under the context of the current user.
-
15:37
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-331 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles MPEG files. Realplayer parses the mpg file by doing a do while loop where it uses the width of the movie for the loop condition. However, it will subtracts 1 from the width for every iteration of the loop and then compare it to 0. If the width of the movie was zero at the beginning the loop will run 0xFFFFFFFF times. This results in a memory corruption that can lead to remote code execution under the context of the current user.
-
15:37
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-331 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles MPEG files. Realplayer parses the mpg file by doing a do while loop where it uses the width of the movie for the loop condition. However, it will subtracts 1 from the width for every iteration of the loop and then compare it to 0. If the width of the movie was zero at the beginning the loop will run 0xFFFFFFFF times. This results in a memory corruption that can lead to remote code execution under the context of the current user.
-
15:37
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-331 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles MPEG files. Realplayer parses the mpg file by doing a do while loop where it uses the width of the movie for the loop condition. However, it will subtracts 1 from the width for every iteration of the loop and then compare it to 0. If the width of the movie was zero at the beginning the loop will run 0xFFFFFFFF times. This results in a memory corruption that can lead to remote code execution under the context of the current user.
-
-
12:12
»
Packet Storm Security Exploits
This Metasploit module exploits a heap overflow in Realplayer when handling a .QCP file. The specific flaw exists within qcpfformat.dll. A static 256 byte buffer is allocated on the heap and user-supplied data from the file is copied within a memory copy loop. This allows a remote attacker to execute arbitrary code running in the context of the web browser via a .QCP file with a specially crafted "fmt" chunk. At this moment this module exploits the flaw on Windows XP IE6, IE7.
-
12:12
»
Packet Storm Security Recent Files
This Metasploit module exploits a heap overflow in Realplayer when handling a .QCP file. The specific flaw exists within qcpfformat.dll. A static 256 byte buffer is allocated on the heap and user-supplied data from the file is copied within a memory copy loop. This allows a remote attacker to execute arbitrary code running in the context of the web browser via a .QCP file with a specially crafted "fmt" chunk. At this moment this module exploits the flaw on Windows XP IE6, IE7.
-
12:12
»
Packet Storm Security Misc. Files
This Metasploit module exploits a heap overflow in Realplayer when handling a .QCP file. The specific flaw exists within qcpfformat.dll. A static 256 byte buffer is allocated on the heap and user-supplied data from the file is copied within a memory copy loop. This allows a remote attacker to execute arbitrary code running in the context of the web browser via a .QCP file with a specially crafted "fmt" chunk. At this moment this module exploits the flaw on Windows XP IE6, IE7.
-
-
21:04
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-269 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to the fact that RealPlayer allows users to run local HTML files with scripting enabled without any warning. The RealPlayer ActiveX control can be scripted from a web browser to load local HTML files. This can lead to remote code execution under the context of the current user.
-
21:04
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-269 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to the fact that RealPlayer allows users to run local HTML files with scripting enabled without any warning. The RealPlayer ActiveX control can be scripted from a web browser to load local HTML files. This can lead to remote code execution under the context of the current user.
-
21:04
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-269 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to the fact that RealPlayer allows users to run local HTML files with scripting enabled without any warning. The RealPlayer ActiveX control can be scripted from a web browser to load local HTML files. This can lead to remote code execution under the context of the current user.
-
21:01
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-267 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles ID3v2 Tags. RealPlayer creates a fixed size buffer for certain tags and will then populate them with the data from the file. It uses a call to WideCharToMultiByte to convert the data, but fails to take into account that converting a single wide char might result in more then two multi-byte chars. This causes more data to be written into the fixed buffer then anticipated resulting in a heap buffer overflow.
-
21:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-267 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles ID3v2 Tags. RealPlayer creates a fixed size buffer for certain tags and will then populate them with the data from the file. It uses a call to WideCharToMultiByte to convert the data, but fails to take into account that converting a single wide char might result in more then two multi-byte chars. This causes more data to be written into the fixed buffer then anticipated resulting in a heap buffer overflow.
-
21:01
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-267 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles ID3v2 Tags. RealPlayer creates a fixed size buffer for certain tags and will then populate them with the data from the file. It uses a call to WideCharToMultiByte to convert the data, but fails to take into account that converting a single wide char might result in more then two multi-byte chars. This causes more data to be written into the fixed buffer then anticipated resulting in a heap buffer overflow.
-
-
12:49
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
15:39
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-122 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within RealPlayer exposes a method called OpenURLInDefaultBrowser() that can be accessed through RealPlayer's internal browser. When this method is called, it will open and execute the first parameter based on the operating system's default handler for the filetype. An attacker can reach RealPlayer's internal browser by utilizing a specially crafted .rnx file. This can be leveraged to execute arbitrary code under the context of the user invoking RealPlayer.
-
15:39
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-122 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within RealPlayer exposes a method called OpenURLInDefaultBrowser() that can be accessed through RealPlayer's internal browser. When this method is called, it will open and execute the first parameter based on the operating system's default handler for the filetype. An attacker can reach RealPlayer's internal browser by utilizing a specially crafted .rnx file. This can be leveraged to execute arbitrary code under the context of the user invoking RealPlayer.
-
15:39
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-122 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within RealPlayer exposes a method called OpenURLInDefaultBrowser() that can be accessed through RealPlayer's internal browser. When this method is called, it will open and execute the first parameter based on the operating system's default handler for the filetype. An attacker can reach RealPlayer's internal browser by utilizing a specially crafted .rnx file. This can be leveraged to execute arbitrary code under the context of the user invoking RealPlayer.
-
-
19:01
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Realnetworks Realplayer SP.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
12:44
»
Packet Storm Security Exploits
RealPlayer versions 14.0.1.633 and below suffers from a heap overflow during the handling of IVR files. This is caused by the allocation of a certain amount of data (frame size) decided by the attacker and the copying of another arbitrary amount on the same buffer. Proof of concept exploit included.
-
12:44
»
Packet Storm Security Recent Files
RealPlayer versions 14.0.1.633 and below suffers from a heap overflow during the handling of IVR files. This is caused by the allocation of a certain amount of data (frame size) decided by the attacker and the copying of another arbitrary amount on the same buffer. Proof of concept exploit included.
-
12:44
»
Packet Storm Security Misc. Files
RealPlayer versions 14.0.1.633 and below suffers from a heap overflow during the handling of IVR files. This is caused by the allocation of a certain amount of data (frame size) decided by the attacker and the copying of another arbitrary amount on the same buffer. Proof of concept exploit included.
-
-
8:51
»
Packet Storm Security Exploits
This Metasploit module exploits a initialization flaw within RealPlayer 11/11.1 and RealPlayer SP 1.0 - 1.1.4. An abnormally long CDDA URI causes an object initialization failure. However, this failure is improperly handled and uninitialized memory executed.
-
8:51
»
Packet Storm Security Recent Files
This Metasploit module exploits a initialization flaw within RealPlayer 11/11.1 and RealPlayer SP 1.0 - 1.1.4. An abnormally long CDDA URI causes an object initialization failure. However, this failure is improperly handled and uninitialized memory executed.
-
8:51
»
Packet Storm Security Misc. Files
This Metasploit module exploits a initialization flaw within RealPlayer 11/11.1 and RealPlayer SP 1.0 - 1.1.4. An abnormally long CDDA URI causes an object initialization failure. However, this failure is improperly handled and uninitialized memory executed.
-
-
17:01
»
SecuriTeam
RealPlayer Contains a vulnerability is caused due to an error in the handling of errors encountered while decoding "cook" encoded audio content.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
17:01
»
SecuriTeam
RealPlayer Contains a vulnerability that can be exploited to corrupt memory via specially crafted spectral data.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
17:40
»
SecuriTeam
RealPlayer Contains a vulnerability is caused by an error when parsing RealAudio content encoded using the "cook" codec.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
16:40
»
SecuriTeam
RealPlayer contains a vulnerability caused by a heap overflow error when handling malformed RA5 files.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
16:40
»
SecuriTeam
RealPlayer contains a vulnerability caused by a heap overflow error when handling Audio data within media files.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
16:35
»
SecuriTeam
RealPlayer Contains a vulnerability caused by a heap overflow error when handling malformed AAC files.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
11:25
»
SecuriTeam
RealPlayer contains a vulnerability in Sound Data within media files which could be exploited by remote attackers.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
18:45
»
SecuriTeam
Remote exploitation of a memory corruption vulnerability in RealNetworks, Inc.'s RealPlayer media player could allow attackers to execute arbitrary code in the context of the targeted user.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
18:35
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
18:35
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
18:35
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
18:30
»
SecuriTeam
Remote exploitation of a memory corruption vulnerability in RealNetworks, Inc.'s RealPlayer media player could allow attackers to execute arbitrary code in the context of the targeted user.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
19:30
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
19:26
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
19:25
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
19:25
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
19:25
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
12:00
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
12:00
»
SecuriTeam
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
11:55
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
11:55
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
11:55
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerability installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
11:55
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
11:31
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
8:21
»
Packet Storm Security Exploits
Proof of concept code that demonstrates the parameter injection bug in Realplayers RecordClip() active-x function and firefox plug-in.
-
-
17:49
»
SecuriTeam
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
13:39
»
SecuriTeam
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
15:55
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
15:55
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
15:50
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
15:50
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
11:10
»
SecuriTeam
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
13:10
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in RealPlayer, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in the handling of errors encountered while decoding "cook" encoded audio content. This can be exploited to trigger the use of uninitialised memory and potentially free an arbitrary address. Successful exploitation may allow execution of arbitrary code.
-
13:10
»
Packet Storm Security Recent Files
Secunia Research has discovered a vulnerability in RealPlayer, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in the handling of errors encountered while decoding "cook" encoded audio content. This can be exploited to trigger the use of uninitialised memory and potentially free an arbitrary address. Successful exploitation may allow execution of arbitrary code.
-
13:10
»
Packet Storm Security Misc. Files
Secunia Research has discovered a vulnerability in RealPlayer, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in the handling of errors encountered while decoding "cook" encoded audio content. This can be exploited to trigger the use of uninitialised memory and potentially free an arbitrary address. Successful exploitation may allow execution of arbitrary code.
-
13:08
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in RealPlayer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error in the parsing of AAC audio content and can be exploited to corrupt memory via specially crafted spectral data. Successful exploitation may allow execution of arbitrary code.
-
13:08
»
Packet Storm Security Recent Files
Secunia Research has discovered a vulnerability in RealPlayer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error in the parsing of AAC audio content and can be exploited to corrupt memory via specially crafted spectral data. Successful exploitation may allow execution of arbitrary code.
-
13:08
»
Packet Storm Security Misc. Files
Secunia Research has discovered a vulnerability in RealPlayer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error in the parsing of AAC audio content and can be exploited to corrupt memory via specially crafted spectral data. Successful exploitation may allow execution of arbitrary code.
-
12:38
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in RealPlayer, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an error when parsing RealAudio content encoded using the "cook" codec. This can be exploited to trigger the use of uninitialised memory and potentially corrupt memory via e.g. a specially crafted RealMedia file.
-
12:38
»
Packet Storm Security Recent Files
Secunia Research has discovered a vulnerability in RealPlayer, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an error when parsing RealAudio content encoded using the "cook" codec. This can be exploited to trigger the use of uninitialised memory and potentially corrupt memory via e.g. a specially crafted RealMedia file.
-
12:38
»
Packet Storm Security Misc. Files
Secunia Research has discovered a vulnerability in RealPlayer, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an error when parsing RealAudio content encoded using the "cook" codec. This can be exploited to trigger the use of uninitialised memory and potentially corrupt memory via e.g. a specially crafted RealMedia file.
-
-
17:15
»
Packet Storm Security Advisories
VUPEN Vulnerability Research Team discovered a critical vulnerability in RealPlayer. The vulnerability is caused by a heap overflow error when handling malformed AAC files, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
-
17:15
»
Packet Storm Security Recent Files
VUPEN Vulnerability Research Team discovered a critical vulnerability in RealPlayer. The vulnerability is caused by a heap overflow error when handling malformed AAC files, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
-
17:15
»
Packet Storm Security Misc. Files
VUPEN Vulnerability Research Team discovered a critical vulnerability in RealPlayer. The vulnerability is caused by a heap overflow error when handling malformed AAC files, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
-
17:15
»
Packet Storm Security Advisories
VUPEN Vulnerability Research Team discovered a critical vulnerability in RealPlayer. The vulnerability is caused by a heap overflow error when handling Audio data within media files, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
-
17:15
»
Packet Storm Security Recent Files
VUPEN Vulnerability Research Team discovered a critical vulnerability in RealPlayer. The vulnerability is caused by a heap overflow error when handling Audio data within media files, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
-
17:15
»
Packet Storm Security Misc. Files
VUPEN Vulnerability Research Team discovered a critical vulnerability in RealPlayer. The vulnerability is caused by a heap overflow error when handling Audio data within media files, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
-
17:14
»
Packet Storm Security Advisories
VUPEN Vulnerability Research Team discovered a critical vulnerability in RealPlayer. The vulnerability is caused by a heap overflow error when handling sound data within media files, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
-
17:14
»
Packet Storm Security Recent Files
VUPEN Vulnerability Research Team discovered a critical vulnerability in RealPlayer. The vulnerability is caused by a heap overflow error when handling sound data within media files, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
-
17:14
»
Packet Storm Security Misc. Files
VUPEN Vulnerability Research Team discovered a critical vulnerability in RealPlayer. The vulnerability is caused by a heap overflow error when handling sound data within media files, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
-
7:22
»
Packet Storm Security Advisories
VUPEN Vulnerability Research Team discovered a critical vulnerability in RealPlayer. The vulnerability is caused by a heap overflow error when handling malformed RA5 files, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
-
7:22
»
Packet Storm Security Recent Files
VUPEN Vulnerability Research Team discovered a critical vulnerability in RealPlayer. The vulnerability is caused by a heap overflow error when handling malformed RA5 files, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
-
7:22
»
Packet Storm Security Misc. Files
VUPEN Vulnerability Research Team discovered a critical vulnerability in RealPlayer. The vulnerability is caused by a heap overflow error when handling malformed RA5 files, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
-
4:11
»
Packet Storm Security Advisories
VUPEN Vulnerability Research Team discovered three critical vulnerabilities in RealPlayer. These vulnerabilities are caused by heap overflow errors when handling malformed RealMedia data, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
-
4:11
»
Packet Storm Security Recent Files
VUPEN Vulnerability Research Team discovered three critical vulnerabilities in RealPlayer. These vulnerabilities are caused by heap overflow errors when handling malformed RealMedia data, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
-
4:11
»
Packet Storm Security Misc. Files
VUPEN Vulnerability Research Team discovered three critical vulnerabilities in RealPlayer. These vulnerabilities are caused by heap overflow errors when handling malformed RealMedia data, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
-
-
3:11
»
Packet Storm Security Recent Files
iDefense Security Advisory 12.10.10 - Remote exploitation of a memory corruption vulnerability in RealNetworks, Inc.'s RealPlayer media player could allow attackers to execute arbitrary code in the context of the targeted user. The vulnerability specifically exists in the way RealPlayer handles specially crafted RealMedia video files. When processing specially crafted RealMedia files, RealPlayer uses a value from the file to control a loop operation. Realplayer fails to validate the value before using it, which leads to heap memory corruption and an exploitable condition. Windows RealPlayer SP 1.1.4 and prior and Linux RealPlayer 11.0.2.1744 and prior are vulnerable.
-
3:11
»
Packet Storm Security Misc. Files
iDefense Security Advisory 12.10.10 - Remote exploitation of a memory corruption vulnerability in RealNetworks, Inc.'s RealPlayer media player could allow attackers to execute arbitrary code in the context of the targeted user. The vulnerability specifically exists in the way RealPlayer handles specially crafted RealMedia video files. When processing specially crafted RealMedia files, RealPlayer uses a value from the file to control a loop operation. Realplayer fails to validate the value before using it, which leads to heap memory corruption and an exploitable condition. Windows RealPlayer SP 1.1.4 and prior and Linux RealPlayer 11.0.2.1744 and prior are vulnerable.
-
-
7:20
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-278 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Custsupport.html component of the RealPlayer default installation. Due to a failure to properly sanitize user-supplied input, it is possible for an attacker to inject arbitrary code into the RealOneActiveXObject process. This can be abused to bypass the Local Machine Zone security policy and load unsafe controls. Successful exploitation of this issue leads to remote code execution under the context of the RealPlayer application.
-
7:20
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 10-278 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Custsupport.html component of the RealPlayer default installation. Due to a failure to properly sanitize user-supplied input, it is possible for an attacker to inject arbitrary code into the RealOneActiveXObject process. This can be abused to bypass the Local Machine Zone security policy and load unsafe controls. Successful exploitation of this issue leads to remote code execution under the context of the RealPlayer application.
-
7:20
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-277 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Main.html component of the RealPlayer default installation. Due to a failure to properly sanitize user-supplied input, it is possible for an attacker to inject arbitrary code into the RealOneActiveXObject process. This can be abused to bypass the Local Machine Zone security policy and load unsafe controls. Successful exploitation of this issue leads to remote code execution under the context of the RealPlayer application.
-
7:20
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 10-277 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Main.html component of the RealPlayer default installation. Due to a failure to properly sanitize user-supplied input, it is possible for an attacker to inject arbitrary code into the RealOneActiveXObject process. This can be abused to bypass the Local Machine Zone security policy and load unsafe controls. Successful exploitation of this issue leads to remote code execution under the context of the RealPlayer application.
-
7:19
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-276 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Upsell.htm component of the RealPlayer default installation. Due to a failure to properly sanitize user-supplied input, it is possible for an attacker to inject arbitrary code into the RealOneActiveXObject process via the getqsval function. This can be abused to bypass the Local Machine Zone security policy and load unsafe controls. Successful exploitation of this issue leads to remote code execution under the context of the RealPlayer application.
-
7:19
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 10-276 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Upsell.htm component of the RealPlayer default installation. Due to a failure to properly sanitize user-supplied input, it is possible for an attacker to inject arbitrary code into the RealOneActiveXObject process via the getqsval function. This can be abused to bypass the Local Machine Zone security policy and load unsafe controls. Successful exploitation of this issue leads to remote code execution under the context of the RealPlayer application.
-
7:19
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-275 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is requires in that a target must navigate to a malicious page. The specific flaw exists within the HandleAction method of the RealPlayer ActiveX control with CLSID FDC7A535-4070-4B92-A0EA-D9994BCC0DC5. The vulnerable action that can be invoked via this control is NavigateToURL. If NavigateToURL can be pointed to a controlled file on the user's system, RealPlayer can be made to execute scripts in the Local Zone. To accomplish this, a malicious attacker can force a download of a skin file to a predictable location and then point NavigateToURL at it thus achieving remote code execution under the context of the user running RealPlayer.
-
7:19
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 10-275 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is requires in that a target must navigate to a malicious page. The specific flaw exists within the HandleAction method of the RealPlayer ActiveX control with CLSID FDC7A535-4070-4B92-A0EA-D9994BCC0DC5. The vulnerable action that can be invoked via this control is NavigateToURL. If NavigateToURL can be pointed to a controlled file on the user's system, RealPlayer can be made to execute scripts in the Local Zone. To accomplish this, a malicious attacker can force a download of a skin file to a predictable location and then point NavigateToURL at it thus achieving remote code execution under the context of the user running RealPlayer.
-
-
22:01
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in RealPlayer SP, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by missing input validation in the handling of sample chunks when parsing QCP audio content. This can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. RealPlayer SP 1.0.5 is affected.
-
10:51
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
10:46
»
SecuriTeam
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
20:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-212 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must open a malicious website or media file. The specific flaw exists within the code responsible for parsing Name Value Property (NVP) elements from within logical streams in a RealPlayer media file. Specifically, a function within the rjrmrpln.dll file allocates a buffer on the heap which can be directly influenced from data within the file. This buffer is then written to using another value defined in the file and thus also controlled. By crafting a malicious media file an attacker can abuse this to execute arbitrary code under the context of the user running the player.
-
20:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-213 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the RealPlayer ActiveX control. This module is responsible for handling the tfile, pnmm, cdda, protocol handlers. While parsing a long argument ending with .smil an attacker can overflow a buffer on the heap. This can be abused to execute arbitrary code under the context of the user invoking the control.
-
20:00
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-212 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must open a malicious website or media file. The specific flaw exists within the code responsible for parsing Name Value Property (NVP) elements from within logical streams in a RealPlayer media file. Specifically, a function within the rjrmrpln.dll file allocates a buffer on the heap which can be directly influenced from data within the file. This buffer is then written to using another value defined in the file and thus also controlled. By crafting a malicious media file an attacker can abuse this to execute arbitrary code under the context of the user running the player.
-
20:00
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-213 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the RealPlayer ActiveX control. This module is responsible for handling the tfile, pnmm, cdda, protocol handlers. While parsing a long argument ending with .smil an attacker can overflow a buffer on the heap. This can be abused to execute arbitrary code under the context of the user invoking the control.
-
-
22:19
»
SecuriTeam
Remote exploitation of an integer overflow vulnerability in Real Networks Inc.'s RealPlayer version 11 could allow an attacker to execute arbitrary code.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
22:17
»
SecuriTeam
Remote exploitation of an integer overflow vulnerability in RealNetworks Inc.'s RealPlayer 11 could allow an attacker to execute arbitrary code with the privileges of the affected service.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
19:00
»
Packet Storm Security Recent Files
iDefense Security Advisory 02.01.10 - Remote exploitation of an integer overflow vulnerability in Real Networks Inc.'s RealPlayer version 11 could allow an attacker to execute arbitrary code. iDefense Labs has confirmed the existence of an integer overflow issue within RealPlayer when handling compressed GIF files. The vulnerability occurs in the CGIFCodec::InitDecompress() function, which does not properly validate a field in the GIF file before using it in an arithmetic operation that calculates the size of a heap buffer. This issue leads to heap corruption, which can result in the execution of arbitrary code. iDefense confirmed RealPlayer version 11 is vulnerable to this issue.
-
19:00
»
Packet Storm Security Advisories
iDefense Security Advisory 02.01.10 - Remote exploitation of an integer overflow vulnerability in Real Networks Inc.'s RealPlayer version 11 could allow an attacker to execute arbitrary code. iDefense Labs has confirmed the existence of an integer overflow issue within RealPlayer when handling compressed GIF files. The vulnerability occurs in the CGIFCodec::InitDecompress() function, which does not properly validate a field in the GIF file before using it in an arithmetic operation that calculates the size of a heap buffer. This issue leads to heap corruption, which can result in the execution of arbitrary code. iDefense confirmed RealPlayer version 11 is vulnerable to this issue.
-
-
1:00
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-010 - This vulnerability allows remote attackers to execute code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a user must visit a malicious website or open a malicious file and accept a dialog to switch player skins. The specific flaw exists during parsing of malformed RealPlayer .RJS skin files. While loading a skin the application copies certain variable length fields from the extracted file named web.xmb into a statically sized buffer. By crafting these fields appropriately an attack can cause the process to overflow the buffer. This can be leveraged to execute arbitrary code with the privileges of the application.
0day.today (was: 1337day, Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
BackTrack Linux Forums
Threatpost
SecDocs
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant
Hack a Day
Wirevolution