Lucene search

[email protected]CVE-2010-0416

HistoryFeb 18, 2010 - 11:30 p.m.

CVE-2010-0416

2010-02-1823:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2010-0416

buffer overflow

remote attack

denial of service

code execution

helix player

realplayer

security vulnerability

nvd

8.1 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.244 Low

EPSS

Percentile

96.6%

JSON

Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits.

Affected configurations

NVD

Node

realnetworkshelix_playerMatch1.0.6linux

realnetworksrealplayerlinux

CPENameOperatorVersion
realnetworks:helix_playerrealnetworks helix playereq1.0.6
realnetworks:realplayerrealnetworks realplayereq*

CPE	Name	Operator	Version
realnetworks:helix_player	realnetworks helix player	eq	1.0.6
realnetworks:realplayer	realnetworks realplayer	eq	*

References

lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html

secunia.com/advisories/38450

www.redhat.com/support/errata/RHSA-2010-0094.html

bugzilla.redhat.com/show_bug.cgi?id=561856

helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847

8.1 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.244 Low

EPSS

Percentile

96.6%

JSON

Related for CVE-2010-0416

prion1 nvd1 ubuntucve1 cvelist1 nessus5 openvas4 oraclelinux1 centos1 redhat1