Lucene search

MitreCVE-2009-4247

HistoryJan 25, 2010 - 7:30 p.m.

CVE-2009-4247

2010-01-2519:30:01

CWE-119

mitre

web.nvd.nist.gov

cve-2009-4247

realnetworks

realplayer

buffer overflow

remote attackers

denial of service

arbitrary code

asm rulebook

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.2

Confidence

High

EPSS

0.101

Percentile

95.0%

JSON

Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x, 11.0.0, and 11.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an ASM RuleBook with a large number of rules, related to an “array overflow.”

Affected configurations

Nvd

Node

realnetworksrealplayerMatch10.0

realnetworksrealplayerMatch10.5

realnetworksrealplayerMatch11.0

realnetworksrealplayerMatch11.0.1

realnetworksrealplayerMatch11.0.2

realnetworksrealplayerMatch11.0.3

realnetworksrealplayerMatch11.0.4

realnetworksrealplayerMatch11.0.5

realnetworksrealplayer_enterprise

realnetworksrealplayer_spMatch1.0.0

realnetworksrealplayer_spMatch1.0.1

AND

microsoftwindows

Node

realnetworksrealplayerMatch10.0

realnetworksrealplayerMatch10.1

realnetworksrealplayerMatch11.0

realnetworksrealplayerMatch11.0.1

AND

applemac_os_x

Node

realnetworkshelix_playerMatch10.0

realnetworkshelix_playerMatch11.0.0

realnetworkshelix_playerMatch11.0.1

realnetworksrealplayerMatch10.0linux

realnetworksrealplayerMatch11.0.0linux

realnetworksrealplayerMatch11.0.1linux

VendorProductVersionCPE
realnetworksrealplayer10.0cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*
realnetworksrealplayer10.5cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*
realnetworksrealplayer11.0cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*
realnetworksrealplayer11.0.1cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*
realnetworksrealplayer11.0.2cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*
realnetworksrealplayer11.0.3cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*
realnetworksrealplayer11.0.4cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*
realnetworksrealplayer11.0.5cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*
realnetworksrealplayer_enterprise*cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*
realnetworksrealplayer_sp1.0.0cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
realnetworks	realplayer	10.0	cpe:2.3:a:realnetworks:realplayer:10.0:::::::*
realnetworks	realplayer	10.5	cpe:2.3:a:realnetworks:realplayer:10.5:::::::*
realnetworks	realplayer	11.0	cpe:2.3:a:realnetworks:realplayer:11.0:::::::*
realnetworks	realplayer	11.0.1	cpe:2.3:a:realnetworks:realplayer:11.0.1:::::::*
realnetworks	realplayer	11.0.2	cpe:2.3:a:realnetworks:realplayer:11.0.2:::::::*
realnetworks	realplayer	11.0.3	cpe:2.3:a:realnetworks:realplayer:11.0.3:::::::*
realnetworks	realplayer	11.0.4	cpe:2.3:a:realnetworks:realplayer:11.0.4:::::::*
realnetworks	realplayer	11.0.5	cpe:2.3:a:realnetworks:realplayer:11.0.5:::::::*
realnetworks	realplayer_enterprise	*	cpe:2.3:a:realnetworks:realplayer_enterprise::::::::
realnetworks	realplayer_sp	1.0.0	cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:::::::*