PT-2010-5473 · Realnetworks · Linux Realplayer+3
Publicado
2010-12-10
·
Atualizado
2011-01-19
·
CVE-2010-4397
CVSS v2.0
9.3
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
RealPlayer versions 11.0 through 11.1
RealPlayer SP versions 1.0 through 1.1.1
Mac RealPlayer versions 11.0 through 11.1
Linux RealPlayer version 11.0.2.1744
Description
The issue is related to an integer overflow in the pnen3260.dll module. This allows remote attackers to execute arbitrary code via a crafted TIT2 atom in an AAC file.
Recommendations
For RealPlayer versions 11.0 through 11.1, update to a version that fixes the integer overflow issue in the pnen3260.dll module.
For RealPlayer SP versions 1.0 through 1.1.1, update to a version that fixes the integer overflow issue in the pnen3260.dll module.
For Mac RealPlayer versions 11.0 through 11.1, update to a version that fixes the integer overflow issue in the pnen3260.dll module.
For Linux RealPlayer version 11.0.2.1744, update to a version that fixes the integer overflow issue in the pnen3260.dll module.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Linux Realplayer
Mac Realplayer
Realplayer
Realplayer Sp