Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:20076
HistoryAug 30, 2010 - 12:00 a.m.

RealPlayer畸形IVR对象索引代码执行漏洞

2010-08-3000:00:00
Root
www.seebug.org
15

EPSS

0.523

Percentile

97.6%

JSON

CVE ID: CVE-2010-2996

RealPlayer是一款流行的多媒体播放器。

RealPlayer在解析包含有畸形数据头的RealMedia .IVR文件时错误的信任了数据结构中的索引来查找对象列表。如果攻击者指定了数组边界外的索引,应用之后会从计算出的指针引用对象并调用,导致以当前用户的权限执行任意代码。

Real Networks RealPlayer 11.0 – 11.1
厂商补丁:

Real Networks

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://service.real.com/realplayer/security/08262010_player/en/

Related

prion 1
cvelist 1
cve 1
securityvulns 2
zdi 1
nvd 1
openvas 2
nessus 2
prion
prion
Code injection
2010-08-30 20:00:00
cvelist
cvelist
CVE-2010-2996
2010-08-30 19:00:00
cve
cve
CVE-2010-2996
2010-08-30 20:00:02
securityvulns
securityvulns
ZDI-10-166: RealNetworks RealPlayer Malformed IVR Object Index Code Execution Vulnerability
2010-08-30 00:00:00
RealNetworks RealPlayer security vulnerabilities
2010-08-30 00:00:00
zdi
zdi
RealNetworks RealPlayer Malformed IVR Object Index Code Execution Vulnerability
2010-08-26 00:00:00
nvd
nvd
CVE-2010-2996
2010-08-30 20:00:02
openvas
openvas
RealNetworks RealPlayer Multiple Vulnerabilities (Windows)
2010-09-08 00:00:00
RealNetworks RealPlayer Multiple Vulnerabilities - Windows
2010-09-08 00:00:00
nessus
nessus
Real Networks RealPlayer SP < 1.1.5 Multiple Vulnerabilities
2010-08-27 00:00:00
RealPlayer for Windows < Build 12.0.0.879 Multiple Vulnerabilities
2010-08-27 00:00:00

EPSS

0.523

Percentile

97.6%

JSON
Related for SSV:20076
prion1cvelist1cve1securityvulns2zdi1nvd1openvas2nessus2