PT-2010-5473 · Realnetworks · Linux Realplayer+3
Published
2010-12-10
·
Updated
2011-01-19
·
CVE-2010-4397
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
RealPlayer versions 11.0 through 11.1
RealPlayer SP versions 1.0 through 1.1.1
Mac RealPlayer versions 11.0 through 11.1
Linux RealPlayer version 11.0.2.1744
Description
The issue is related to an integer overflow in the pnen3260.dll module. This allows remote attackers to execute arbitrary code via a crafted TIT2 atom in an AAC file.
Recommendations
For RealPlayer versions 11.0 through 11.1, update to a version that fixes the integer overflow issue in the pnen3260.dll module.
For RealPlayer SP versions 1.0 through 1.1.1, update to a version that fixes the integer overflow issue in the pnen3260.dll module.
For Mac RealPlayer versions 11.0 through 11.1, update to a version that fixes the integer overflow issue in the pnen3260.dll module.
For Linux RealPlayer version 11.0.2.1744, update to a version that fixes the integer overflow issue in the pnen3260.dll module.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linux Realplayer
Mac Realplayer
Realplayer
Realplayer Sp