Lucene search

[email protected]NVD:CVE-2009-4257

HistoryJan 25, 2010 - 7:30 p.m.

CVE-2009-4257

2010-01-2519:30:01

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

Low

EPSS

0.631

Percentile

97.9%

JSON

Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths.

Affected configurations

Nvd

Node

realnetworksrealplayerMatch10.0

realnetworksrealplayerMatch10.5

realnetworksrealplayerMatch11.0

realnetworksrealplayerMatch11.0.1

realnetworksrealplayerMatch11.0.2

realnetworksrealplayerMatch11.0.3

realnetworksrealplayerMatch11.0.4

realnetworksrealplayerMatch11.0.5

realnetworksrealplayer_enterprise

realnetworksrealplayer_spMatch1.0.0

realnetworksrealplayer_spMatch1.0.1

AND

microsoftwindows

Node

realnetworksrealplayerMatch10.0

realnetworksrealplayerMatch10.1

realnetworksrealplayerMatch11.0

realnetworksrealplayerMatch11.0.1

AND

applemac_os_x

Node

realnetworkshelix_playerMatch10.0

realnetworkshelix_playerMatch11.0.0

realnetworkshelix_playerMatch11.0.1

realnetworksrealplayerMatch10.0linux

realnetworksrealplayerMatch11.0.0linux

realnetworksrealplayerMatch11.0.1linux

VendorProductVersionCPE
realnetworksrealplayer10.0cpe:2.3:a:realnetworks:realplayer:10.0:*:*:*:*:*:*:*
realnetworksrealplayer10.5cpe:2.3:a:realnetworks:realplayer:10.5:*:*:*:*:*:*:*
realnetworksrealplayer11.0cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*
realnetworksrealplayer11.0.1cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*
realnetworksrealplayer11.0.2cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*
realnetworksrealplayer11.0.3cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*
realnetworksrealplayer11.0.4cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*
realnetworksrealplayer11.0.5cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*
realnetworksrealplayer_enterprise*cpe:2.3:a:realnetworks:realplayer_enterprise:*:*:*:*:*:*:*:*
realnetworksrealplayer_sp1.0.0cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
realnetworks	realplayer	10.0	cpe:2.3:a:realnetworks:realplayer:10.0:::::::*
realnetworks	realplayer	10.5	cpe:2.3:a:realnetworks:realplayer:10.5:::::::*
realnetworks	realplayer	11.0	cpe:2.3:a:realnetworks:realplayer:11.0:::::::*
realnetworks	realplayer	11.0.1	cpe:2.3:a:realnetworks:realplayer:11.0.1:::::::*
realnetworks	realplayer	11.0.2	cpe:2.3:a:realnetworks:realplayer:11.0.2:::::::*
realnetworks	realplayer	11.0.3	cpe:2.3:a:realnetworks:realplayer:11.0.3:::::::*
realnetworks	realplayer	11.0.4	cpe:2.3:a:realnetworks:realplayer:11.0.4:::::::*
realnetworks	realplayer	11.0.5	cpe:2.3:a:realnetworks:realplayer:11.0.5:::::::*
realnetworks	realplayer_enterprise	*	cpe:2.3:a:realnetworks:realplayer_enterprise::::::::
realnetworks	realplayer_sp	1.0.0	cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:::::::*