CVE-2010-4389

Heap-based buffer overflow in the cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via unspecified data in the initialization buffer.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/69849
http://service.real.com/realplayer/security/12102010_player/en/	Vendor Advisory
http://www.securitytracker.com/id?1024861
http://www.zerodayinitiative.com/advisories/ZDI-10-279

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:realnetworks:realplayer:11.0:::::::*
	cpe:2.3:a:realnetworks:realplayer:11.0.1:::::::*
	cpe:2.3:a:realnetworks:realplayer:11.0.2:::::::*
	cpe:2.3:a:realnetworks:realplayer:11.0.3:::::::*
	cpe:2.3:a:realnetworks:realplayer:11.0.4:::::::*
	cpe:2.3:a:realnetworks:realplayer:11.0.5:::::::*
	cpe:2.3:a:realnetworks:realplayer:11.1:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:::::::*
	cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:::::::*
	cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:::::::*
	cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:::::::*
	cpe:2.3:a:realnetworks:realplayer_sp:1.1:::::::*
	cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:::::::*
	cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:::::::*
	cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:::::::*
	cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:::::::*
	cpe:2.3:a:realnetworks:realplayer_sp:1.1.5:::::::*

Configuration 3 (hide)

AND

cpe:2.3:a:realnetworks:realplayer:11.0.2.1744:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2010-12-14 16:00

Updated : 2024-02-04 17:54

NVD link : CVE-2010-4389

Mitre link : CVE-2010-4389

CVE.ORG link : CVE-2010-4389

JSON object : View

Products Affected

realnetworks

realplayer_sp
realplayer

linux

linux_kernel

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2010-4389", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-12-14T16:00:04.913", "references": [{"url": "http://osvdb.org/69849", "source": "cve@mitre.org"}, {"url": "http://service.real.com/realplayer/security/12102010_player/en/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1024861", "source": "cve@mitre.org"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-279", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via unspecified data in the initialization buffer."}, {"lang": "es", "value": "Desbordamiento de buffer basado en mont\u00f3n en el codec cook de RealNetworks RealPlayer v11.0 hasta v11.1, RealPlayer SP v1.0 hasta v1.1.5, y Linux RealPlayer v11.0.2.1744, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de datos no especificados en la inicializaci\u00f3n del buffer."}], "lastModified": "2011-01-19T07:02:15.647", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8985B3B-BCC9-431D-9788-0C1949DF46E3"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C7517C2-71A8-4223-9F9A-2FE5A2153B53"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11B7CB5F-ACFA-439B-A9B7-54DA402A6029"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2A681B8-62F1-4B23-9E0B-39C61BE72F44"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F826B276-91E6-495E-B429-51B1C5ECB146"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A732E6C-108F-447F-98B1-EA774A0537EB"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D03738C3-D659-488D-B285-64A496C0F1FB"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BFD9C4F-E93B-4BCE-A5E2-A20945EB8534"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BBEBAA2-4892-4F9E-8C0E-94CA90DCD28D"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53D7AE43-A3AC-4B38-B0A3-E6F02834224F"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59FEDCDF-9FBF-4D08-A50F-FF92763DFC21"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54A11B3A-547C-4F2F-A58E-DE06DBBE8115"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7243D80-913D-405C-9988-B8473DB1A5DC"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4C6D399-FF31-441D-A363-BD53CFE5569A"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9818A6FB-2CF5-4236-8EFE-95458D603CC1"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73CC0582-D889-4907-A32E-218AC2B0591F"}, {"criteria": "cpe:2.3:a:realnetworks:realplayer_sp:1.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B5DD6CF-CCC7-40DD-A6CA-B9BBC339998F"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:realnetworks:realplayer:11.0.2.1744:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "381DD10A-3459-40BD-88DB-2CC0BCA63F4C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}