Real player for macbook5/26/2023 rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow. Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a. This leads to arbitrary code execution.ģ Helix Player, Realone Player, Realplayer In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur). In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. It is also possible to reference arbitrary local files. It is possible to inject script code to arbitrary domains. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file.
0 Comments
Leave a Reply. |