CVE-2010-4385

Severity

93%

Complexity

86%

Confidentiality

165%

Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to have an unspecified impact via crafted frame dimensions in an SIPR stream.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

RealNetworks RealPlayer

First reported 14 years ago

2010-12-14 16:00:00

Last updated 14 years ago

2011-01-26 06:52:00

Affected Software

RealNetworks RealPlayer 11.0

11.0

RealNetworks RealPlayer 11.0.1

11.0.1

RealNetworks RealPlayer 11.0.2

11.0.2

RealNetworks RealPlayer 11.0.3

11.0.3

RealNetworks RealPlayer 11.0.4

11.0.4

RealNetworks RealPlayer 11.0.5

11.0.5

RealNetworks RealPlayer 11.1

11.1

RealNetworks RealPlayer SP 1.0.0

1.0.0

RealNetworks RealPlayer SP 1.0.1

1.0.1

RealNetworks RealPlayer SP 1.0.2

1.0.2

RealNetworks RealPlayer SP 1.0.5

1.0.5

RealNetworks RealPlayer SP 1.1

1.1

RealNetworks RealPlayer SP 1.1.1

1.1.1

RealNetworks RealPlayer SP 1.1.2

1.1.2

RealNetworks RealPlayer SP 1.1.3

1.1.3

RealNetworks RealPlayer SP 1.1.4

1.1.4

RealNetworks RealPlayer 2.1.2 Enterprise

2.1.2

References

http://service.real.com/realplayer/security/12102010_player/en/

Vendor Advisory

RHSA-2010:0981

1024861

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.