PT-2010-5462 · Realnetworks+1 · Realplayer Enterprise+5

Publicado

2010-12-14

·

Atualizado

2011-01-26

·

CVE-2010-4385

CVSS v2.0

9.3

Alta

VetorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions RealPlayer versions 11.0 through 11.1 RealPlayer SP versions 1.0 through 1.1.4 RealPlayer Enterprise version 2.1.2 Linux RealPlayer version 11.0.2.1744 HelixPlayer version 1.0.6
Description The issue is caused by an integer overflow in the handling of crafted frame dimensions in an SIPR stream, allowing remote attackers to have an unspecified impact.
Recommendations For RealPlayer versions 11.0 through 11.1, update to a version outside of this range to resolve the issue. For RealPlayer SP versions 1.0 through 1.1.4, update to a version outside of this range to resolve the issue. For RealPlayer Enterprise version 2.1.2, update to a newer version to resolve the issue. For Linux RealPlayer version 11.0.2.1744, update to a newer version to resolve the issue. For HelixPlayer version 1.0.6, update to a newer version to resolve the issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-189

Identificadores relacionados

CVE-2010-4385
RHSA-2010:0981
RHSA-2010_0981

Produtos afetados

Helix Player
Linux Realplayer
Realplayer
Realplayer Enterprise
Realplayer Sp
Red Hat