Lucene search

MitreCVE-2010-4394

HistoryDec 14, 2010 - 4:00 p.m.

CVE-2010-4394

2010-12-1416:00:05

CWE-119

mitre

web.nvd.nist.gov

cve

realnetworks

realplayer

buffer overflow

security vulnerability

remote code execution

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

Low

EPSS

0.041

Percentile

92.3%

JSON

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.5 allows remote web servers to execute arbitrary code via a long Server header in a response to an HTTP request that occurs during parsing of a RealPix file.

Affected configurations

Nvd

Node

realnetworksrealplayerMatch11.0

realnetworksrealplayerMatch11.0.1

realnetworksrealplayerMatch11.0.2

realnetworksrealplayerMatch11.0.3

realnetworksrealplayerMatch11.0.4

realnetworksrealplayerMatch11.0.5

realnetworksrealplayerMatch11.1

Node

realnetworksrealplayer_spMatch1.0.0

realnetworksrealplayer_spMatch1.0.1

realnetworksrealplayer_spMatch1.0.2

realnetworksrealplayer_spMatch1.0.5

realnetworksrealplayer_spMatch1.1

realnetworksrealplayer_spMatch1.1.1

realnetworksrealplayer_spMatch1.1.2

realnetworksrealplayer_spMatch1.1.3

realnetworksrealplayer_spMatch1.1.4

realnetworksrealplayer_spMatch1.1.5

VendorProductVersionCPE
realnetworksrealplayer11.0cpe:2.3:a:realnetworks:realplayer:11.0:*:*:*:*:*:*:*
realnetworksrealplayer11.0.1cpe:2.3:a:realnetworks:realplayer:11.0.1:*:*:*:*:*:*:*
realnetworksrealplayer11.0.2cpe:2.3:a:realnetworks:realplayer:11.0.2:*:*:*:*:*:*:*
realnetworksrealplayer11.0.3cpe:2.3:a:realnetworks:realplayer:11.0.3:*:*:*:*:*:*:*
realnetworksrealplayer11.0.4cpe:2.3:a:realnetworks:realplayer:11.0.4:*:*:*:*:*:*:*
realnetworksrealplayer11.0.5cpe:2.3:a:realnetworks:realplayer:11.0.5:*:*:*:*:*:*:*
realnetworksrealplayer11.1cpe:2.3:a:realnetworks:realplayer:11.1:*:*:*:*:*:*:*
realnetworksrealplayer_sp1.0.0cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:*:*:*:*:*:*:*
realnetworksrealplayer_sp1.0.1cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:*:*:*:*:*:*:*
realnetworksrealplayer_sp1.0.2cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
realnetworks	realplayer	11.0	cpe:2.3:a:realnetworks:realplayer:11.0:::::::*
realnetworks	realplayer	11.0.1	cpe:2.3:a:realnetworks:realplayer:11.0.1:::::::*
realnetworks	realplayer	11.0.2	cpe:2.3:a:realnetworks:realplayer:11.0.2:::::::*
realnetworks	realplayer	11.0.3	cpe:2.3:a:realnetworks:realplayer:11.0.3:::::::*
realnetworks	realplayer	11.0.4	cpe:2.3:a:realnetworks:realplayer:11.0.4:::::::*
realnetworks	realplayer	11.0.5	cpe:2.3:a:realnetworks:realplayer:11.0.5:::::::*
realnetworks	realplayer	11.1	cpe:2.3:a:realnetworks:realplayer:11.1:::::::*
realnetworks	realplayer_sp	1.0.0	cpe:2.3:a:realnetworks:realplayer_sp:1.0.0:::::::*
realnetworks	realplayer_sp	1.0.1	cpe:2.3:a:realnetworks:realplayer_sp:1.0.1:::::::*
realnetworks	realplayer_sp	1.0.2	cpe:2.3:a:realnetworks:realplayer_sp:1.0.2:::::::*