Rosoft Media Player version 4.4.4 buffer overflow exploit.
d788f5d5fbe39ff2df6d7ccdafa5b25a188ab8049559bf52ef00b80852b4e6a3
Secunia Security Advisory - SUSE has issued an update for flash-player. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
6cefeb9d53564ddd95662c3efb212b82978bad23acf898881484202536c67aa9
This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 11.3.300.271. By supplying a corrupt Font file used by the SWF, it is possible to gain arbitrary remote code execution under the context of the user, as exploited in the wild.
b495613b72210817067894eb7ff5c08f46dcd44c9088ea935d0a7be729049d9a
Zero Day Initiative Advisory 12-136 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within how the application handles a malformed atom type when playing a movie encoded with uncompressed audio. When decoding the audio sample the application will use a 16-bit length for allocating a buffer, and a different one for initializing it. This can cause memory corruption which can lead to code execution under the context of the application.
279769476bb55b52fb4a1cfea0a3fa4d6c15f5a797a70b8f549cd186ec7efd2d
Secunia Security Advisory - Some vulnerabilities have been reported in VMware Workstation and VMware Player, which can be exploited by malicious, local users in a guest virtual machine to gain escalated privileges.
6ffe6033f160b2c177e7a564b82737c3dfec5d3db1607d2bc7da877361b0b4ff
Red Hat Security Advisory 2012-1173-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. This vulnerability is detailed on the Adobe security page APSB12-18, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.238.
c10d85f5137cb075e49ec0b6380b902d41df64cf1042cece8b3a15b524552b6a
Secunia Security Advisory - A vulnerability has been reported in Flash Player, which can be exploited by malicious people to compromise a user's system.
e0733d737d0d8ddbe3aadff8a040109e471ebf225c1b95fa19168f756675e864
Secunia Security Advisory - Multiple vulnerabilities have been reported in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system.
e1e63d928727335a2cb10d40933ced7165bf829ba3b84e7308fcfec354967046
CoolPlayer+ Portable version 2.19.2 buffer overflow exploit with ASLR bypass.
166843ef977577a858c2c28b45a618c91cb636c27690ed808c276fca44609888
Zero Day Initiative Advisory 12-135 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Apple QuickTime handles movies with the jpeg2k codec. When the size for a sample defined in the stsz atom is too big the QuickTime player fails to allocate the required memory for that sample. A pointer to the previous sample data still exists after the previous sample got freed. This pointer normally gets updated to point to the current sample data, but this does not happen when the allocation fails. The QuickTime player then re-uses the stale pointer and a use-after-free situation occurs. This can lead to remote code execution under that context of the current process.
09e42dfec87839316c3fa4944a3bae8125996c32c045c1e6fe4f1e71fe9cdf07
Zero Day Initiative Advisory 12-130 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a header containing codec-specific data. When handling an error case, the application will forget to initialize a pointer which will later be used in a memory operation. This can lead to code execution under the context of the application.
5be5f0f92f11f0903a9f72e52afb3d8e5df2b6562bc8079d4ebab29e5466eba6
This Metasploit module exploits a vulnerability found in Cisco Linksys PlayerPT 1.0.0.15 as the installed with the web interface of Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera. The vulnerability, due to the insecure usage of sprintf in the SetSource method, when handling a specially crafted sURL argument, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page.
5a88ff9a13dc712f648150200591ec804a09cb0631600c4db7449f3c17604a4b
Secunia Security Advisory - Two vulnerabilities have been discovered in the Simple Video Flash Player for Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks.
9df20f91497034cf913395b05a7fb43d08018c030260a70ebd99396fa8c979e2
Various flash players, such as JWPlayer for MODx, Simple video flash player for Joomla, Poodll for Moodle, RokBox for Joomla, and RokBox for WordPress all suffer from a cross site scripting vulnerability.
260067c1b6a7935399c21b2621857237ac79808b7df319270dbb7fa906648b17
This Metasploit module exploits a vulnerability found in Cisco Linksys PlayerPT 1.0.0.15 as the installed with the web interface of Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera. The vulnerability, due to the insecure usage of sprintf in the SetSource method, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page.
2dfadd85c9c6ae2a3b6dbc4fd0a0377aac24947c5d90300dbf9bd50e9aa7ebe9
MyMP3 Player version 3.02.067 stack buffer overflow exploit that has DEP bypass.
26fb8d8b3b8d79981eff51ee010ac925d0a58319110e69cf26e42f4cdf61d88c
Secunia Research has discovered a vulnerability in Cisco Linksys PlayerPT ActiveX Control, which can be exploited by malicious people to compromise a user's system. Successful exploitation allows execution of arbitrary code. Cisco Linksys PlayerPT ActiveX Control version 1.0.0.15 is affected. Other versions may also be affected.
a88c10267158fe9cf2d434bc63948819deb102117186a70288596b16e3102081
Secunia Security Advisory - A vulnerability has been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system.
826805e88738f80b5814689653860c9ae700a8441eaa01a55954633a371572bb
Zoom Player version 4.51 suffers from a denial of service vulnerability.
9eb084c02298d2a21d5a5ee17e773f9ca520fa09ffa32767cfb70e24afc03db4
Advanced MP3 Player Infusion version 2.01 suffers from a remote shell upload vulnerability.
0d53259e616b4161775a0b9272f7b7ef1d1569e48797e4a3ba27a9c8136edeff
Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Advanced MP3 Player module for PHP-Fusion, which can be exploited by malicious people to compromise a vulnerable system.
e3872883589e948f5ab26057b52953a554ab7a2a836bb9741a27a3301a8003d6
Secunia Security Advisory - Multiple vulnerabilities have been reported in WebEx Recording Format Player, which can be exploited by malicious people to compromise a user's system.
66c516ffae04ad2a578953355a9cb64003715abf209faf304d945f80e1c21449
Secunia Security Advisory - A vulnerability has been reported in WebEx Advanced Recording Format Player, which can be exploited by malicious people to compromise a user's system.
2ffdb1b79f6350a6b1c59f73fc4db5995a244069b27644ae7fa8ed71ce83bd10
Cisco Security Advisory - The Cisco WebEx Recording Format (WRF) player contains four buffer overflow vulnerabilities and the Cisco Advanced Recording Format (ARF) player contains one buffer overflow vulnerability. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. Cisco has updated affected versions of the WebEx meeting sites and WRF and ARF players to address these vulnerabilities.
49478116b2c8fce99cb338023910fed9c83a1ea261b069618c93a071ffc72472
Zero Day Initiative Advisory 12-103 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw occurs when parsing a movie file containing multiple atoms with a different string length. When resizing a buffer in order to make space for the string, the application will forget to include the null-terminator. When the application attempts to null-terminate the string, an out-of-bounds write will occur. If an aggressor can place the a useful heap buffer contiguous to the reallocated string, this can lead to code execution under the context of the application.
f1c0ec875d5f1f6611aaccba87f70c3dded4662ef965ecfd7279dddd6300d5f0
This is a local exploit for Real Player 10 Gold that uses a division by zero to trigger an exception handler.
bef48a2af7c152b4698cbb3e2c9b4d15795525b8bf8b700a9f8abe631953ac07