PT-2010-5455 · Realnetworks+1 · Realplayer Enterprise+5

Publicado

2010-12-10

Atualizado

2011-01-26

CVE-2010-4378

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions RealPlayer versions 11.0 through 11.1 RealPlayer SP versions 1.0 through 1.1.5 RealPlayer Enterprise versions 2.1.2 and 2.1.3 Linux RealPlayer version 11.0.2.1744 HelixPlayer version 1.0.6

Description The issue allows remote attackers to execute arbitrary code or cause a denial of service due to heap memory corruption via a crafted value of an unspecified length field in an RV20 video stream.

Recommendations For RealPlayer versions 11.0 through 11.1, update to a version that is not affected by this issue. For RealPlayer SP versions 1.0 through 1.1.5, update to a version that is not affected by this issue. For RealPlayer Enterprise versions 2.1.2 and 2.1.3, update to a version that is not affected by this issue. For Linux RealPlayer version 11.0.2.1744, update to a version that is not affected by this issue. For HelixPlayer version 1.0.6, update to a version that is not affected by this issue.

Correção

RCE

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2010-4378

RHSA-2010:0981

RHSA-2010_0981

ZDI-10-274

Produtos afetados

Helix Player

Linux Realplayer

Realplayer

Realplayer Enterprise

Realplayer Sp

Red Hat

PT-2010-5455 · Realnetworks+1 · Realplayer Enterprise+5

CVE-2010-4378

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 17