![]() NOTE: As of 20080103, this disclosure has no actionable information. allows remote attackers to execute arbitrary code by importing a file into a media library and then deleting this file.īuffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attackers to execute arbitrary code via unspecified vectors. Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6. might allow remote attackers to execute arbitrary code via a crafted SWF file. Heap-based buffer overflow in the Shockwave Flash (SWF) frame handling in RealNetworks RealPlayer 10.5 Build 6. has unknown impact and attack vectors, probably related to accessing local files, aka a "Local resource reference vulnerability." Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6. The RealNetworks RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll, as shipped with RealPlayer 11, allows remote attackers to cause a denial of service (browser crash) via a certain argument to the GetSourceTransport method. Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12., allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877. rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow. Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a. ![]() This leads to arbitrary code execution.ģ Helix Player, Realone Player, Realplayer In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur). In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. It is also possible to reference arbitrary local files. It is possible to inject script code to arbitrary domains. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. ![]() In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file.
0 Comments
Leave a Reply. |