CVE-2010-0416

Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:realnetworks:helix_player:1.0.6:*:linux:*:*:*:*:*
cpe:2.3:a:realnetworks:realplayer:*:*:linux:*:*:*:*:*

History

No history.

Information

Published : 2010-02-18 23:30

Updated : 2024-02-04 17:54


NVD link : CVE-2010-0416

Mitre link : CVE-2010-0416

CVE.ORG link : CVE-2010-0416


JSON object : View

Products Affected

realnetworks

  • helix_player
  • realplayer
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer