CVE-2010-4375

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via malformed multi-rate data in an audio stream.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://service.real.com/realplayer/security/12102010_player/en/	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0981.html
http://www.securitytracker.com/id?1024861
http://www.zerodayinitiative.com/advisories/ZDI-10-266

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:realnetworks:realplayer:11.0:::::::*
	cpe:2.3:a:realnetworks:realplayer:11.0.1:::::::*
	cpe:2.3:a:realnetworks:realplayer:11.0.2:::::::*
	cpe:2.3:a:realnetworks:realplayer:11.0.3:::::::*
	cpe:2.3:a:realnetworks:realplayer:11.0.4:::::::*
	cpe:2.3:a:realnetworks:realplayer:11.0.5:::::::*
	cpe:2.3:a:realnetworks:realplayer:11.1:::::::*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:realnetworks:realplayer:11.0:::::::*
	cpe:2.3:a:realnetworks:realplayer:11.0.1:::::::*
	cpe:2.3:a:realnetworks:realplayer:11.0.2:::::::*
	cpe:2.3:a:realnetworks:realplayer:11.0.3:::::::*
	cpe:2.3:a:realnetworks:realplayer:11.0.4:::::::*
	cpe:2.3:a:realnetworks:realplayer:11.0.5:::::::*
	cpe:2.3:a:realnetworks:realplayer:11.1:::::::*

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:a:realnetworks:realplayer:11.0.2.1744:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2010-12-14 16:00

Updated : 2024-02-04 17:54

NVD link : CVE-2010-4375

Mitre link : CVE-2010-4375

CVE.ORG link : CVE-2010-4375

JSON object : View

Products Affected

apple

mac_os_x

realnetworks

realplayer

linux

linux_kernel

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2010-4375", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-12-14T16:00:04.303", "references": [{"url": "http://service.real.com/realplayer/security/12102010_player/en/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0981.html", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1024861", "source": "cve@mitre.org"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-266", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via malformed multi-rate data in an audio stream."}, {"lang": "es", "value": "Desbordamiento de buffer bastado en el mont\u00f3n en RealNetworks RealPlayer v11.0 hasta v11.1, Mac RealPlayer v11.0 hasta v12.0.0.1444, y Linux RealPlayer v11.0.2.1744, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de datos multi ratio mal formados en una corriente de audio."}], "lastModified": "2011-01-26T06:52:14.600", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11B7CB5F-ACFA-439B-A9B7-54DA402A6029"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2A681B8-62F1-4B23-9E0B-39C61BE72F44"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F826B276-91E6-495E-B429-51B1C5ECB146"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A732E6C-108F-447F-98B1-EA774A0537EB"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D03738C3-D659-488D-B285-64A496C0F1FB"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11B7CB5F-ACFA-439B-A9B7-54DA402A6029"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2A681B8-62F1-4B23-9E0B-39C61BE72F44"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F826B276-91E6-495E-B429-51B1C5ECB146"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A732E6C-108F-447F-98B1-EA774A0537EB"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D03738C3-D659-488D-B285-64A496C0F1FB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2.1744:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "381DD10A-3459-40BD-88DB-2CC0BCA63F4C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}