Lucene search
Sebastian Apelt (www.siberas.de)ZDI-10-281HistoryDec 10, 2010 - 12:00 a.m.
RealNetworks RealPlayer RMX Header Remote Code Execution Vulnerability
2010-12-1000:00:00
Sebastian Apelt (www.siberas.de)
www.zerodayinitiative.com
14
EPSS
0.209
Percentile
96.5%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the applications support for parsing the RMX file format. When parsing the format, the application will explicitly trust 32-bits in a field used in the header for the allocation of an array. This can cause a buffer to be under-allocated and will cause a buffer overflow when initializing the array. This can lead to code execution under the context of the application.
Related
cvelist
cvelist
CVE-2010-4391
2010-12-14 15:00:00
prion
prion
Heap overflow
2010-12-14 16:00:00
nvd
nvd
CVE-2010-4391
2010-12-14 16:00:04
cve
cve
CVE-2010-4391
2010-12-14 16:00:04
openvas
openvas
RealNetworks RealPlayer Multiple Vulnerabilities (Dec 2010) - Windows
2010-12-29 00:00:00
RealNetworks RealPlayer Multiple Vulnerabilities (Windows) - Dec10
2010-12-29 00:00:00
nessus
nessus
Real Networks RealPlayer < 14.0.1.609 (Build 12.0.1.609) Multiple Vulnerabilities
2010-11-15 00:00:00
RealPlayer for Windows < Build 12.0.1.609 Multiple Vulnerabilities
2010-11-16 00:00:00