PT-2010-1932 · Realnetworks · Realplayer+1

Publicado

2010-08-30

Atualizado

2017-09-19

CVE-2010-0116

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions RealPlayer versions 11.0 through 11.1 RealPlayer SP versions 1.0 through 1.1.4

Description The issue is related to an integer overflow that might allow remote attackers to execute arbitrary code via a crafted QCP file, triggering a heap-based buffer overflow.

Recommendations For RealPlayer versions 11.0 through 11.1, update to a version that fixes the integer overflow issue. For RealPlayer SP versions 1.0 through 1.1.4, update to a version that fixes the integer overflow issue. As a temporary workaround, consider avoiding the use of QCP files until a patch is available.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-189

Identificadores relacionados

CVE-2010-0116

Produtos afetados

Realplayer

Realplayer Sp

PT-2010-1932 · Realnetworks · Realplayer+1

CVE-2010-0116

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11