Lucene search

K
cve[email protected]CVE-2010-3747
HistoryOct 19, 2010 - 12:00 a.m.

CVE-2010-3747

2010-10-1900:00:01
CWE-119
web.nvd.nist.gov
118
realnetworks
realplayer
activex control
remote code execution
denial of service
cve-2010-3747
nvd

7.7 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.953 High

EPSS

Percentile

99.4%

An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during parsing of a CDDA URI, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and application crash) via a long URI.

Affected configurations

NVD
Node
realnetworksrealplayerMatch11.0
OR
realnetworksrealplayerMatch11.0.1
OR
realnetworksrealplayerMatch11.0.2
OR
realnetworksrealplayerMatch11.0.3
OR
realnetworksrealplayerMatch11.0.4
OR
realnetworksrealplayerMatch11.0.5
OR
realnetworksrealplayerMatch11.1
Node
realnetworksrealplayer_spMatch1.0.0
OR
realnetworksrealplayer_spMatch1.0.1
OR
realnetworksrealplayer_spMatch1.0.2
OR
realnetworksrealplayer_spMatch1.0.5
OR
realnetworksrealplayer_spMatch1.1
OR
realnetworksrealplayer_spMatch1.1.1
OR
realnetworksrealplayer_spMatch1.1.2
OR
realnetworksrealplayer_spMatch1.1.3
OR
realnetworksrealplayer_spMatch1.1.4
Node
realnetworksrealplayerMatch2.1.2enterprise

7.7 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.953 High

EPSS

Percentile

99.4%