Lucene search
Damian PutZDI-11-336HistoryNov 28, 2011 - 12:00 a.m.
RealNetworks RealPlayer Invalid Codec Name Remote Code Execution Vulnerability
2011-11-2800:00:00
Damian Put
www.zerodayinitiative.com
18
EPSS
0.035
Percentile
91.7%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when a user attempts to play a malicious video file containing a malformed codec name. When playing a malformed codec, the application will incorrectly free an object and then later attempt to use it by calling a virtual method pointer upon destruction. This can lead to code execution under the context of the application.
Related
securityvulns
securityvulns
ZDI-11-336 : RealNetworks RealPlayer Invalid Codec Name Remote Code Execution Vulnerability
2011-12-05 00:00:00
RealNetworks RealPlayer multiple security vulnerabilities
2011-12-11 00:00:00
prion
prion
Code injection
2011-11-24 11:55:00
cve
cve
CVE-2011-4255
2011-11-24 11:55:07
nvd
nvd
CVE-2011-4255
2011-11-24 11:55:07
cvelist
cvelist
CVE-2011-4255
2011-11-24 11:00:00
openvas
openvas
RealNetworks RealPlayer Multiple Vulnerabilities Nov - 11 (Mac OS X)
2011-11-29 00:00:00
RealNetworks RealPlayer Multiple Vulnerabilities (Nov 2011) - Mac OS X
2011-11-29 00:00:00
RealNetworks RealPlayer Multiple Vulnerabilities Nov - 11 (Windows)
2011-11-29 00:00:00
nessus
nessus
RealPlayer for Windows < 15.0.0 Multiple Vulnerabilities
2011-12-06 00:00:00