PT-2010-5456 · Realnetworks+1 · Realplayer Enterprise+6

Published

2010-12-14

·

Updated

2011-01-26

·

CVE-2010-4379

CVSS v2.0

9.3

High

VectorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions RealPlayer versions 11.0 through 11.1 RealPlayer SP versions 1.0 through 1.1.4 RealPlayer Enterprise version 2.1.2 Mac RealPlayer versions 11.0 through 11.1 Linux RealPlayer version 11.0.2.1744 HelixPlayer version 1.0.6
Description A heap-based buffer overflow issue allows remote attackers to have an unspecified impact via a crafted SIPR file.
Recommendations For RealPlayer versions 11.0 through 11.1, update to a version outside of the affected range. For RealPlayer SP versions 1.0 through 1.1.4, update to a version outside of the affected range. For RealPlayer Enterprise version 2.1.2, update to a version outside of the affected range. For Mac RealPlayer versions 11.0 through 11.1, update to a version outside of the affected range. For Linux RealPlayer version 11.0.2.1744, update to a version outside of the affected range. For HelixPlayer version 1.0.6, update to a version outside of the affected range.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2010-4379
RHSA-2010:0981
RHSA-2010_0981

Affected Products

Helix Player
Linux Realplayer
Mac Realplayer
Realplayer
Realplayer Enterprise
Realplayer Sp
Red Hat