PT-2010-5460 · Realnetworks+1 · Realplayer Enterprise+6

Publicado

2010-12-14

·

Atualizado

2011-01-26

·

CVE-2010-4383

CVSS v2.0

9.3

Alta

VetorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions RealPlayer versions 11.0 through 11.1 RealPlayer SP versions 1.0 through 1.1.4 RealPlayer Enterprise version 2.1.2 Mac RealPlayer versions 11.0 through 12.0.0.1444 Linux RealPlayer version 11.0.2.1744 HelixPlayer version 1.0.6
Description A heap-based buffer overflow issue allows remote attackers to have an unspecified impact via a crafted RA5 file.
Recommendations For RealPlayer versions 11.0 through 11.1, update to a version outside of the affected range. For RealPlayer SP versions 1.0 through 1.1.4, update to a version outside of the affected range. For RealPlayer Enterprise version 2.1.2, update to a version outside of the affected range. For Mac RealPlayer versions 11.0 through 12.0.0.1444, update to a version outside of the affected range. For Linux RealPlayer version 11.0.2.1744, update to a version outside of the affected range. For HelixPlayer version 1.0.6, update to a version outside of the affected range.

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2010-4383
RHSA-2010:0981
RHSA-2010_0981

Produtos afetados

Helix Player
Linux Realplayer
Mac Realplayer
Realplayer
Realplayer Enterprise
Realplayer Sp
Red Hat