CVE-2012-0922
published 2012-02-08CVE-2012-0922: rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary…
PriorityP348critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
4.55%
90.4th percentile
rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via crafted flags in an RMFF file.
Affected
33 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer_sp | — | — |
| realnetworks | realplayer_sp | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
HP Data Protector - CMD Install Service (Metasploit)
exploitdb·2013-08-02·CVSS 10.0
CVE-2011-0922 [CRITICAL] HP Data Protector - CMD Install Service (Metasploit)
HP Data Protector - CMD Install Service (Metasploit)
---
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
# Exploit Title: HP Data Protector Client EXEC_CMD Remote Code Execution Vulnerability
# Date: 2012-13-07
# Exploit Author: Ben Turner, Doug McLeod
# Vendor Homepage: www.hp.com
# Version: 6.10 & 6.11 & 6.20
# Tested on: Windows 2003 Server SP2 en
# CVE: CVE-2011-0922
# Notes: ZDI-11-056
# Reference: http://www.zerodayinitiative.com/advisories/ZDI-11-056/
# Reference: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02781143
require 'msf/core'
class Metasploit3 'HP Data Pro
Exploit-DB
HP Data Protector Client - EXEC_CMD Remote Code Execution
exploitdb·2012-06-19·CVSS 10.0
CVE-2011-0922 [CRITICAL] HP Data Protector Client - EXEC_CMD Remote Code Execution
HP Data Protector Client - EXEC_CMD Remote Code Execution
---
#!/usr/bin/env python
# Exploit Title: HP Data Protector Client EXEC_CMD Remote Code Execution Vulnerability
# Date: 2012-12-06
# Exploit Author: Ben Turner
# Vendor Homepage: www.hp.com
# Version: 6.11 & 6.20
# Tested on: Windows 2003 Server SP2 en
# CVE: CVE-2011-0922
# Notes: ZDI-11-056
# Reference: http://www.zerodayinitiative.com/advisories/ZDI-11-056/
# Reference: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02781143
import socket
import sys
import binascii
if len(sys.argv) != 4:
print ""
print "\033[0;31mUsage: ./hp_protector.py \033[0m"
print ""
print "\033[0;32mMake sure you create a meterpreter payload and a share with the following \\\\\\Omniback\\i386\\installservice.exe\033[0m"
print
No writeups or analysis indexed.
http://osvdb.org/78911http://secunia.com/advisories/47896http://service.real.com/realplayer/security/02062012_player/en/http://www.securityfocus.com/bid/51883https://exchange.xforce.ibmcloud.com/vulnerabilities/73018http://osvdb.org/78911http://secunia.com/advisories/47896http://service.real.com/realplayer/security/02062012_player/en/http://www.securityfocus.com/bid/51883https://exchange.xforce.ibmcloud.com/vulnerabilities/73018
2012-02-08
Published