CVE-2010-4382

Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allow remote attackers to have an unspecified impact via a crafted RealMedia file.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://service.real.com/realplayer/security/12102010_player/en/	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0981.html
http://www.securitytracker.com/id?1024861

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:realnetworks:realplayer:11.0:::::::*
	cpe:2.3:a:realnetworks:realplayer:11.0.1:::::::*
	cpe:2.3:a:realnetworks:realplayer:11.0.2:::::::*
	cpe:2.3:a:realnetworks:realplayer:11.0.3:::::::*
	cpe:2.3:a:realnetworks:realplayer:11.0.4:::::::*
	cpe:2.3:a:realnetworks:realplayer:11.0.5:::::::*
	cpe:2.3:a:realnetworks:realplayer:11.1:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:::::::*
	cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:::::::*
	cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:::::::*
	cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:::::::*
	cpe:2.3:a:realnetworks:realplayer_sp:1.1:::::::*
	cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:::::::*
	cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:::::::*
	cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:::::::*
	cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:::::::*

Configuration 3 (hide)

AND

cpe:2.3:a:realnetworks:realplayer:11.0.2.1744:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:realnetworks:realplayer:2.1.2:*:enterprise:*:*:*:*:*

History

No history.

Information

Published : 2010-12-14 16:00

Updated : 2024-02-04 17:54

NVD link : CVE-2010-4382

Mitre link : CVE-2010-4382

CVE.ORG link : CVE-2010-4382

JSON object : View

Products Affected

realnetworks

realplayer_sp
realplayer

linux

linux_kernel

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2010-4382", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-12-14T16:00:04.570", "references": [{"url": "http://service.real.com/realplayer/security/12102010_player/en/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0981.html", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1024861", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allow remote attackers to have an unspecified impact via a crafted RealMedia file."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basados en mont\u00edculo en RealNetworks RealPlayer v11.0 a v11.1, RealPlayer SP v1.0 a v1.1.4, RealPlayer Enterprise v2.1.2 y Linux v11.0.2.1744 RealPlayer permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de un archivo de RealMedia modificado."}], "lastModified": "2011-01-26T06:52:15.350", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11B7CB5F-ACFA-439B-A9B7-54DA402A6029"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2A681B8-62F1-4B23-9E0B-39C61BE72F44"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F826B276-91E6-495E-B429-51B1C5ECB146"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A732E6C-108F-447F-98B1-EA774A0537EB"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D03738C3-D659-488D-B285-64A496C0F1FB"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53D7AE43-A3AC-4B38-B0A3-E6F02834224F"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59FEDCDF-9FBF-4D08-A50F-FF92763DFC21"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54A11B3A-547C-4F2F-A58E-DE06DBBE8115"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7243D80-913D-405C-9988-B8473DB1A5DC"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4C6D399-FF31-441D-A363-BD53CFE5569A"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9818A6FB-2CF5-4236-8EFE-95458D603CC1"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73CC0582-D889-4907-A32E-218AC2B0591F"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2.1744:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "381DD10A-3459-40BD-88DB-2CC0BCA63F4C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:realplayer:2.1.2:*:enterprise:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E2BC096-43B6-4696-8467-CC3D0163EFF5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}