PT-2010-2188 · Realnetworks+1 · Realplayer+2
Publicado
2010-02-09
·
Atualizado
2017-09-19
·
CVE-2010-0416
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Helix Player version 1.0.6
RealPlayer (affected versions not specified)
Description
The issue is related to a buffer overflow in the Unescape function, which can be triggered by a URL argument containing a % (percent) character not followed by two hex digits. This can cause a denial of service (application crash) or possibly allow the execution of arbitrary code.
Recommendations
For Helix Player version 1.0.6, update to a version that fixes the buffer overflow issue in the Unescape function.
For RealPlayer, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Helix Player
Realplayer
Red Hat