Lucene search

[email protected]CVE-2010-0417

HistoryFeb 18, 2010 - 11:30 p.m.

CVE-2010-0417

2010-02-1823:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2010-0417

buffer overflow

helix player

realplayer

denial of service

arbitrary code

nvd

8.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.267 Low

EPSS

Percentile

96.8%

JSON

Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a RuleBook structure with a large number of rule-separator characters that trigger heap memory corruption.

Affected configurations

NVD

Node

realnetworkshelix_playerMatch1.0.6

realnetworksrealplayer

CPENameOperatorVersion
realnetworks:helix_playerrealnetworks helix playereq1.0.6
realnetworks:realplayerrealnetworks realplayereq*

CPE	Name	Operator	Version
realnetworks:helix_player	realnetworks helix player	eq	1.0.6
realnetworks:realplayer	realnetworks realplayer	eq	*

References

lists.helixcommunity.org/pipermail/common-cvs/2008-January/015484.html

secunia.com/advisories/38450

www.redhat.com/support/errata/RHSA-2010-0094.html

bugzilla.redhat.com/show_bug.cgi?id=561860

helixcommunity.org/viewcvs/common/util/rlstate.cpp?view=log#rev1.10

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11364

8.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.267 Low

EPSS

Percentile

96.8%

JSON

Related for CVE-2010-0417

ubuntucve1 nvd1 prion1 cvelist1 nessus5 openvas4 redhat1 oraclelinux1 centos1