what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

iDEFENSE Security Advisory 2010-02-01.1
Posted Feb 2, 2010
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 02.01.10 - Remote exploitation of an integer overflow vulnerability in RealNetworks Inc.'s RealPlayer 11 could allow an attacker to execute arbitrary code with the privileges of the affected service. The vulnerability specifically exists in the handling of the 'chunked' Transfer-Encoding method. This method breaks the file the server is sending into 'chunks'. For each chunk, the server first sends the length of the chunk in hexadecimal, followed by the chunk data. This is repeated until there are no more chunks. The server then sends a chunk length of zero (0) indicating the end of the transfer. When processing these chunks, an integer overflow occurs, which results in a heap overflow. This leads to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in RealPlayer version 11 on Windows. A nightly build of RealPlayer 10.1.0.3830 for Linux was also confirmed to be vulnerable. Previous versions do not appear be affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, windows
advisories | CVE-2009-4243
SHA-256 | 3a83f3b4b0b0d8cec0aad45aed72e71c09910a4ab59fde61b44afcb586e10dd8

Related Files

Zero Day Initiative Advisory 12-092
Posted Jun 9, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-092 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles audio encoded with the QCELP codec. The codec allows you to specify the 'block_size' that is used. This size is used to create an allocation to hold the data, but a hardcoded blocksize is later used to copy data into that allocation. This could lead to remote code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4247
SHA-256 | 380a02510159c9cdf960797da6f1c88b06cb8a4e5eafa4f9a55b560e374118c2
Zero Day Initiative Advisory 12-087
Posted Jun 7, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-087 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the raac.dll module. By editing the stsz atom in the mp4 file data, an attacker could change a sample size to force a loop in raac.dll to loop too many times, causing heap corruption. This vulnerability can be leveraged to execute code under the context of the user running the application.

tags | advisory, remote, arbitrary
advisories | CVE-2011-4260
SHA-256 | 2ce52b7504df49825da4887cac96c03aa28226252b6f7f55300204478c048607
Zero Day Initiative Advisory 12-086
Posted Jun 7, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-086 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rvrender module. When parsing an IVR file, the code within this module does not account for a negative value for the "RMFF 1.0 Flags" element within the input data. By providing a specially crafted file an attacker is able to achieve a program state that results in a function pointer value being retrieved from file data and subsequently called. This vulnerability can be leveraged to execute code under the context of the user running the application.

tags | advisory, remote, arbitrary
advisories | CVE-2012-0922
SHA-256 | 95be120705ca4e062f32484ba1379b8274788104bd1a0ab24e69832485c9b78d
Zero Day Initiative Advisory 12-085
Posted Jun 7, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-085 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the dmp4 component. If the width value is altered inside the esds atom, arithmetic instructions within RealPlayer code can result in a loop counter wrapping to a large value. This can cause the loop to run too many times while operating on heap memory. By exploiting this condition, an attacker can corrupt memory and leverage that to execute code under the context of the user running the application.

tags | advisory, remote, arbitrary
advisories | CVE-2011-4261
SHA-256 | efbe76fedf3296c7ef451c7b351df87ac87091b6a35538b7186d05716162501f
Zero Day Initiative Advisory 12-084
Posted Jun 6, 2012
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 12-084 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within the RV10 encoded data in the rv10.dll component. When encountering an invalid encoded height or width field the process miscalculates an offset while preparing to decode the data packets which constitute the stream. The process attempts to store data at this location. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

tags | advisory, remote, arbitrary
advisories | CVE-2012-0926
SHA-256 | e5150c82d73cc84c7bac0c2ef829f0a287bb6936a0e3495f3879c41d5fc6830d
Secunia Security Advisory 49193
Posted May 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | a1d30186496845399b0ac3d413e64ee8f1ddfdb9edb58adaddaeb4b9fb3c4891
Secunia Security Advisory 48868
Posted Apr 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in RealPlayer Enterprise, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | b4d217f42c3ed17c2cfbf5298888c8be24765eb39dd544f335cf2d649f544b69
RealPlayer 1.1.4 Memory Corruption
Posted Mar 24, 2012
Authored by Senator of Pirates

RealPlayer SP1 versions 1.1.4 Build 12.0.0.756 and below suffer from a memory corruption vulnerability.

tags | exploit
SHA-256 | ddd9e040f4b7eafed5ff80ef2b389fd0a0d7384cbf7bae93936c186a876e915b
Secunia Security Advisory 47896
Posted Feb 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 858dc1d43bb7e62d27ae566370f7d2619ba50bbfc7f18156d10166b339539e36
Zero Day Initiative Advisory 11-344
Posted Dec 8, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-344 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way that the application allocates space for parsing sample data encoded with the RV20 codec. After allocation, the application will partially fill the allocation with sample data. Upon usage of this sample data, the application will use the uninitialized data to calculate an index that is then written into. This can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4253
SHA-256 | 50e66ded99d11173f3c8167b6f12e294aa22a831c7b09425d4215df5292503c6
Zero Day Initiative Advisory 11-343
Posted Dec 8, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-343 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the mp4arender.dll module. If the channel count is altered inside the esds atom, the allocated buffer will be too small to support the decoded audio data, causing a heap overflow. This vulnerability can be leveraged to execute code under the context of the user running the application.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2011-4260
SHA-256 | 1de47a5d32b9c4dcf8ee7ada8fb59ba281f7d617834a3920d1d09016015f5407
Zero Day Initiative Advisory 11-334
Posted Nov 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-334 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application processes the audio specific data within a RealMedia audio file. When decoding sample data, the application will explicitly trust a length read from the sample data when populating a buffer that is allocated based on the codec information. Due to this, a memory corruption can be made to occur which can result in code execution within the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4251
SHA-256 | a7a0e1f5a510767a203883c22ca987a3d6527f55342b4946f60fee31cb02af82
Zero Day Initiative Advisory 11-333
Posted Nov 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-333 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the ATRC codec parses sample data out of the media file. When reading bit sizes from the sample, the application will seek a structure that is used for consuming bits from the sample stream outside the bounds of the correct data. When decoding the sample, the application will use the transformed data to initialize another structure. Due to the sizes being unbound, this can be used to corrupt memory outside the original allocation. This type of memory corruption can be leveraged to gain code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4250
SHA-256 | e577e50ea5b9346d525ea656c752164cf4ed9edf71adb8964e1a8881dc18bf98
Zero Day Initiative Advisory 11-332
Posted Nov 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-332 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. AUser interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPLayer handles AAC files. When parsing an AAC file, Realplayer will create buffers based on the type of Channel it finds in the first frame. When the AAC starts with a Single channel in the first frame, and then changes to a channel pair in the following frame, Realplayer fails to update the buffer size for the channel data. The buffer overwrite that follows could result in remote code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4248
SHA-256 | 7dd13629ad3b9e3ac3af5a7df51e788585cc5b43f7e85085a0f86d547a44ce3d
Zero Day Initiative Advisory 11-331
Posted Nov 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-331 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles MPEG files. Realplayer parses the mpg file by doing a do while loop where it uses the width of the movie for the loop condition. However, it will subtracts 1 from the width for every iteration of the loop and then compare it to 0. If the width of the movie was zero at the beginning the loop will run 0xFFFFFFFF times. This results in a memory corruption that can lead to remote code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4259
SHA-256 | 6a8d26996f84e01bae44e66eb7acdcfb123b54cf4dcae161cb23df3bf1115b61
Secunia Security Advisory 46963
Posted Nov 23, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Mac RealPlayer, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | e92b6d7a0ff8e587704a23aa2ad5325239c180845927aeba95d37a0e5faa273d
Secunia Security Advisory 46954
Posted Nov 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 95b09d7b3bdfcd984237d28e740cf2b1b1d40187d93e723109d4bdd29b624669
RealNetworks Realplayer QCP Parsing Heap Overflow
Posted Sep 17, 2011
Authored by Sean de Regge, juan vazquez | Site metasploit.com

This Metasploit module exploits a heap overflow in Realplayer when handling a .QCP file. The specific flaw exists within qcpfformat.dll. A static 256 byte buffer is allocated on the heap and user-supplied data from the file is copied within a memory copy loop. This allows a remote attacker to execute arbitrary code running in the context of the web browser via a .QCP file with a specially crafted "fmt" chunk. At this moment this module exploits the flaw on Windows XP IE6, IE7.

tags | exploit, remote, web, overflow, arbitrary
systems | windows
advisories | CVE-2011-2950, OSVDB-74549
SHA-256 | cce2bc3fede3c402a04087782f79fa183476cf2dbb4148275dc851a1d3272199
Secunia Security Advisory 44014
Posted Aug 17, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | d1324fe2338fb31116b8e24d70d1599c01ab477bd1fff8a69439904dd4e6aba6
Secunia Security Advisory 45608
Posted Aug 17, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in RealPlayer Enterprise, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 98db388287c126b3879bf66be0afcc35111d28e4572f4fc8bfd2a73fe94511f7
Secunia Security Advisory 45668
Posted Aug 17, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in Mac RealPlayer, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | c475467b864971a4b356ceff0949e30c79c5eacf09436688df2a2dd2fcbd6720
Zero Day Initiative Advisory 11-269
Posted Aug 17, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-269 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to the fact that RealPlayer allows users to run local HTML files with scripting enabled without any warning. The RealPlayer ActiveX control can be scripted from a web browser to load local HTML files. This can lead to remote code execution under the context of the current user.

tags | advisory, remote, web, arbitrary, local, code execution, activex
advisories | CVE-2011-2947
SHA-256 | b591c6bbdcc4cbe1c3c5610ecba64679b3c35330beac8aa8d30391fb641b40ad
Zero Day Initiative Advisory 11-268
Posted Aug 17, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-268 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles DEFINEFONT fields in Flash Files. When the process parses corrupt a ShapeRecord with the DefineFont record it reads outside a stack buffer and uses a random stack value as a heap pointer. Later this pointer will be used to write data into. The resulting corruption can lead to remote code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-2948
SHA-256 | 5e61aa1c0dd0d3322339a2871be565333c58e9361524ac932545f51995f4cb78
Zero Day Initiative Advisory 11-267
Posted Aug 17, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-267 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles ID3v2 Tags. RealPlayer creates a fixed size buffer for certain tags and will then populate them with the data from the file. It uses a call to WideCharToMultiByte to convert the data, but fails to take into account that converting a single wide char might result in more then two multi-byte chars. This causes more data to be written into the fixed buffer then anticipated resulting in a heap buffer overflow.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2011-2949
SHA-256 | 5385faa2d7dde38ad73a22ef3b8f23f66bab1cde6cff8768488cb79618bfe0e3
Zero Day Initiative Advisory 11-265
Posted Aug 17, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-265 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within qcpfformat.dll, which is responsible for parsing QCP media files. The process creates a static 256 byte allocation on the heap and trusts a user-supplied counter from the file within a memory copy loop. As the source data is also user-supplied from the file, this can be abused by a remote attacker to execute arbitrary code running in the context of the web browser.

tags | advisory, remote, web, arbitrary
advisories | CVE-2011-2950
SHA-256 | b7524be329d663793a9abbc11c46bee42745e99635cdcb27b6bb37952693a381
Page 1 of 4
Back1234Next

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close