PT-2010-5468 · Realnetworks · Realplayer Enterprise+2

Sebastian Apelt

Publicado

2010-12-10

Atualizado

2011-01-19

CVE-2010-4391

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions RealPlayer versions 11.0 through 11.1 RealPlayer SP versions 1.0 through 1.1.5 RealPlayer Enterprise versions 2.1.2 and 2.1.3

Description The issue is related to a heap-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved by providing a crafted value in an unspecified header field in an RMX file.

Recommendations For RealPlayer versions 11.0 through 11.1, update to a version that contains a fix for this issue. For RealPlayer SP versions 1.0 through 1.1.5, update to a version that contains a fix for this issue. For RealPlayer Enterprise versions 2.1.2 and 2.1.3, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to RMX files until a patch is available.

Correção

RCE

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2010-4391

ZDI-10-281

Produtos afetados

Realplayer

Realplayer Enterprise

Realplayer Sp

PT-2010-5468 · Realnetworks · Realplayer Enterprise+2

CVE-2010-4391

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6