FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
fe4c84fc-bdb5-11da-b7d4-00123ffe8333	linux-realplayer -- heap overflow iDefense Reports: Remote exploitation of a heap-based buffer overflow in RealNetwork Inc's RealPlayer could allow the execution of arbitrary code in the context of the currently logged in user. In order to exploit this vulnerability, an attacker would need to entice a user to follow a link to a malicious server. Once the user visits a website under the control of an attacker, it is possible in a default install of RealPlayer to force a web-browser to use RealPlayer to connect to an arbitrary server, even when it is not the default application for handling those types, by the use of embedded object tags in a webpage. This may allow automated exploitation when the page is viewed. Discovery 2006-03-23 Entry 2006-03-27 linux-realplayer ge 10.0.1 lt 10.0.6 CVE-2005-2922 http://service.real.com/realplayer/security/03162006_player/en/ http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404 http://secunia.com/advisories/19358/
f762ccbb-baed-11dc-a302-000102cc8983	linux-realplayer -- multiple vulnerabilities Secunia reports: Multiple vulnerabilities have been reported in RealPlayer/RealOne/HelixPlayer, which can be exploited by malicious people to compromise a user's system. An input validation error when processing .RA/.RAM files can be exploited to cause a heap corruption via a specially crafted .RA/.RAM file with an overly large size field in the header. An error in the processing of .PLS files can be exploited to cause a memory corruption and execute arbitrary code via a specially crafted .PLS file. An input validation error when parsing .SWF files can be exploited to cause a buffer overflow via a specially crafted .SWF file with malformed record headers. A boundary error when processing rm files can be exploited to cause a buffer overflow. Discovery 2007-10-25 Entry 2008-01-04 linux-realplayer ge 10.0.5 lt 10.0.9.809.20070726 CVE-2007-5081 CVE-2007-3410 CVE-2007-2263 CVE-2007-2264 http://secunia.com/advisories/27361 http://service.real.com/realplayer/security/10252007_player/en/ http://www.zerodayinitiative.com/advisories/ZDI-07-063.html http://www.zerodayinitiative.com/advisories/ZDI-07-062.html http://www.zerodayinitiative.com/advisories/ZDI-07-061.html http://secunia.com/advisories/25819/ 759385
25858c37-bdab-11da-b7d4-00123ffe8333	linux-realplayer -- buffer overrun Secunia Advisories Reports: A boundary error when processing SWF files can be exploited to cause a buffer overflow. This may allow execution of arbitrary code on the user's system. Discovery 2006-03-23 Entry 2006-03-27 linux-realplayer ge 10.0.1 lt 10.0.7.785.20060201 CVE-2006-0323 http://service.real.com/realplayer/security/03162006_player/en/ http://secunia.com/advisories/19358/

VuXML ID

Description

fe4c84fc-bdb5-11da-b7d4-00123ffe8333

linux-realplayer -- heap overflow

iDefense Reports:

Remote exploitation of a heap-based buffer overflow in RealNetwork Inc's RealPlayer could allow the execution of arbitrary code in the context of the currently logged in user.

In order to exploit this vulnerability, an attacker would need to entice a user to follow a link to a malicious server. Once the user visits a website under the control of an attacker, it is possible in a default install of RealPlayer to force a web-browser to use RealPlayer to connect to an arbitrary server, even when it is not the default application for handling those types, by the use of embedded object tags in a webpage. This may allow automated exploitation when the page is viewed.

Discovery 2006-03-23
Entry 2006-03-27
linux-realplayer

ge 10.0.1 lt 10.0.6

CVE-2005-2922
http://service.real.com/realplayer/security/03162006_player/en/
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404
http://secunia.com/advisories/19358/

f762ccbb-baed-11dc-a302-000102cc8983

linux-realplayer -- multiple vulnerabilities

Secunia reports:

Multiple vulnerabilities have been reported in RealPlayer/RealOne/HelixPlayer, which can be exploited by malicious people to compromise a user's system.

An input validation error when processing .RA/.RAM files can be exploited to cause a heap corruption via a specially crafted .RA/.RAM file with an overly large size field in the header.

An error in the processing of .PLS files can be exploited to cause a memory corruption and execute arbitrary code via a specially crafted .PLS file.

An input validation error when parsing .SWF files can be exploited to cause a buffer overflow via a specially crafted .SWF file with malformed record headers.

A boundary error when processing rm files can be exploited to cause a buffer overflow.

Discovery 2007-10-25
Entry 2008-01-04
linux-realplayer

ge 10.0.5 lt 10.0.9.809.20070726

CVE-2007-5081
CVE-2007-3410
CVE-2007-2263
CVE-2007-2264
http://secunia.com/advisories/27361
http://service.real.com/realplayer/security/10252007_player/en/
http://www.zerodayinitiative.com/advisories/ZDI-07-063.html
http://www.zerodayinitiative.com/advisories/ZDI-07-062.html
http://www.zerodayinitiative.com/advisories/ZDI-07-061.html
http://secunia.com/advisories/25819/
759385

25858c37-bdab-11da-b7d4-00123ffe8333

linux-realplayer -- buffer overrun

Secunia Advisories Reports:

A boundary error when processing SWF files can be exploited to cause a buffer overflow. This may allow execution of arbitrary code on the user's system.

Discovery 2006-03-23
Entry 2006-03-27
linux-realplayer

ge 10.0.1 lt 10.0.7.785.20060201

CVE-2006-0323
http://service.real.com/realplayer/security/03162006_player/en/
http://secunia.com/advisories/19358/