FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
c73305ae-8cd7-11d9-9873-000a95bc6faerealplayer -- remote heap overflow

Two exploits have been identified in the Linux RealPlayer client. RealNetworks states:

RealNetworks, Inc. has addressed recently discovered security vulnerabilities that offered the potential for an attacker to run arbitrary or malicious code on a customer's machine. RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities. RealNetworks takes all security vulnerabilities very seriously.

The specific exploits were:

  • Exploit 1: To fashion a malicious WAV file to cause a buffer overflow which could have allowed an attacker to execute arbitrary code on a customer's machine.
  • Exploit 2: To fashion a malicious SMIL file to cause a buffer overflow which could have allowed an attacker to execute arbitrary code on a customer's machine.

Discovery 2005-03-01
Entry 2005-03-04
linux-realplayer
le 10.0.2

CVE-2005-0611
http://marc.theaimsgroup.com/?l=vulnwatch&m=110977858619314
http://service.real.com/help/faq/security/050224_player/EN/
02274fd9-6bc5-11d9-8edb-000a95bc6faerealplayer -- arbitrary file deletion and other vulnerabilities

An NGSSoftware Insight Security Research Advisory reports:

Two vulnerabilities have been discovered in RealPlayer which may potentially be leveraged to allow remote code execution, or may used in combination with the Real Metadata Package File Deletion vulnerability to reliably delete files from a users system.


Discovery 2004-10-06
Entry 2005-01-21
linux-realplayer
< 10.0.2

http://www.ngssoftware.com/advisories/real-02full.txt
http://www.ngssoftware.com/advisories/real-03full.txt
http://service.real.com/help/faq/security/040928_player/EN/
95ee96f2-e488-11d9-bf22-080020c11455linux-realplayer -- RealText parsing heap overflow

An iDEFENSE Security Advisory reports:

Remote exploitation of a heap-based buffer overflow vulnerability in the RealText file format parser within various versions of RealNetworks Inc.'s RealPlayer could allow attackers to execute arbitrary code.


Discovery 2005-06-23
Entry 2005-06-24
linux-realplayer
le 10.0.4_1

CVE-2005-1277
http://www.idefense.com/application/poi/display?id=250&type=vulnerabilities&flashstatus=false
http://service.real.com/help/faq/security/050623_player/EN/