Lucene search
HistoryJan 21, 2010 - 12:00 a.m.
RealNetworks RealPlayer Skin Parsing Remote Code Execution Vulnerability
EPSS
0.459
Percentile
97.4%
This vulnerability allows remote attackers to execute code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a user must visit a malicious website or open a malicious file and accept a dialog to switch player skins. The specific flaw exists during parsing of malformed RealPlayer .RJS skin files. While loading a skin the application copies certain variable length fields from the extracted file named web.xmb into a statically sized buffer. By crafting these fields appropriately an attack can cause the process to overflow the buffer. This can be leveraged to execute arbitrary code with the privileges of the application.
Related
nvd
nvd
CVE-2009-4246
2010-01-25 19:30:01
cve
cve
CVE-2009-4246
2010-01-25 19:30:01
prion
prion
Stack overflow
2010-01-25 19:30:00
cvelist
cvelist
CVE-2009-4246
2010-01-25 19:00:00
securityvulns
securityvulns
ZDI-10-010: RealNetworks RealPlayer Skin Parsing Remote Code Execution Vulnerability
2010-01-21 00:00:00
RealNetworks RealPlayer multiple security vulnerabilities
2010-02-02 00:00:00
ubuntucve
ubuntucve
CVE-2009-4246
2010-01-25 00:00:00
seebug
seebug
RealPlayer皮肤和媒体文件解析多个缓冲区溢出漏洞
2010-01-22 00:00:00
nessus
nessus
Real Networks RealPlayer < RealPlayer SP 1.0.5 Multiple Vulnerabilities
2010-01-22 00:00:00
RealPlayer for Windows < Build 12.0.0.319 Multiple Buffer Overflows
2010-01-22 00:00:00
openvas
openvas
RealNetworks RealPlayer Multiple Code Execution Vulnerabilities - Windows
2010-02-02 00:00:00
RealNetworks RealPlayer Multiple Code Execution Vulnerabilities (Linux)
2010-02-02 00:00:00
RealNetworks RealPlayer Multiple Code Execution Vulnerabilities - Linux
2010-02-02 00:00:00