CVE-2010-0117
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
AI Score
Confidence
Low
0.406 Medium
EPSS
Percentile
97.3%
RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| realnetworks:realplayer | realnetworks realplayer | eq | 11.0 |
| realnetworks:realplayer | realnetworks realplayer | eq | 11.1 |
References
secunia.com/advisories/41096
secunia.com/advisories/41154
secunia.com/secunia_research/2010-5/
service.real.com/realplayer/security/08262010_player/en/
www.securitytracker.com/id?1024370
www.vupen.com/english/advisories/2010/2216
exchange.xforce.ibmcloud.com/vulnerabilities/61421
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7169
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.8 High
AI Score
Confidence
Low
0.406 Medium
EPSS
Percentile
97.3%